go implement strict SNI server

06f5bd18 · Jannik Hoelling · cff0e16a · 06f5bd18
Commit 06f5bd18 authored Nov 11, 2021 by Jannik Hoelling
--- a/golang/server/server.go
+++ b/golang/server/server.go
@@ -53,7 +53,6 @@ func main() {
 		// if no hostname is sent continue
 		conf.VerifyConnection = func(cs tls.ConnectionState) error {
 			if cs.NegotiatedProtocol == "" {
-				return nil
 				return errors.New("INVALID ALPN")
 			} else if cs.ServerName != servername && len(cs.ServerName) > 0 {
 				return errors.New("INVALID SNI: " + cs.ServerName)
@@ -63,6 +62,14 @@ func main() {
 				return nil
 			}
 		}
+	} else {
+		conf.VerifyConnection = func(cs tls.ConnectionState) error {
+			if cs.ServerName != servername && len(cs.ServerName) > 0 {
+				return errors.New("INVALID SNI: " + cs.ServerName)
+			} else {
+				return nil
+			}
+		}
 	}

 	// Listen for connections