Commit 06f5bd18 authored by Jannik Hoelling's avatar Jannik Hoelling
Browse files

go implement strict SNI server

parent cff0e16a
......@@ -53,7 +53,6 @@ func main() {
// if no hostname is sent continue
conf.VerifyConnection = func(cs tls.ConnectionState) error {
if cs.NegotiatedProtocol == "" {
return nil
return errors.New("INVALID ALPN")
} else if cs.ServerName != servername && len(cs.ServerName) > 0 {
return errors.New("INVALID SNI: " + cs.ServerName)
......@@ -63,6 +62,14 @@ func main() {
return nil
}
}
} else {
conf.VerifyConnection = func(cs tls.ConnectionState) error {
if cs.ServerName != servername && len(cs.ServerName) > 0 {
return errors.New("INVALID SNI: " + cs.ServerName)
} else {
return nil
}
}
}
// Listen for connections
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment