From cb2082edee592e3d8bf6eb06b099308b5a519f47 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mois=C3=A9s=20Guimar=C3=A3es?= Date: Mon, 3 Jun 2013 10:04:49 -0300 Subject: [PATCH] changed CYASSL_SNI_ABORT_ON_MISMATCH to CYASSL_SNI_CONTINUE_ON_MISMATCH --- cyassl/ssl.h | 2 +- examples/server/server.c | 6 +----- src/tls.c | 15 +++++++++++---- 3 files changed, 13 insertions(+), 10 deletions(-) diff --git a/cyassl/ssl.h b/cyassl/ssl.h index 85807ace3..0af93fdfe 100644 --- a/cyassl/ssl.h +++ b/cyassl/ssl.h @@ -944,7 +944,7 @@ CYASSL_API int CyaSSL_CTX_UseSNI(CYASSL_CTX* ctx, unsigned char type, #ifndef NO_CYASSL_SERVER /* SNI options */ enum { - CYASSL_SNI_ABORT_ON_MISMATCH = 0x01 + CYASSL_SNI_CONTINUE_ON_MISMATCH = 0x01 }; CYASSL_API void CyaSSL_SNI_SetOptions(CYASSL* ssl, unsigned char type, diff --git a/examples/server/server.c b/examples/server/server.c index ffa29bc08..c0eac3e51 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -408,14 +408,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) #endif #ifdef HAVE_SNI - if (sniHostName) { + if (sniHostName) if (CyaSSL_CTX_UseSNI(ctx, CYASSL_SNI_HOST_NAME, sniHostName, XSTRLEN(sniHostName))) err_sys("UseSNI failed"); - else - CyaSSL_CTX_SNI_SetOptions(ctx, CYASSL_SNI_HOST_NAME, - CYASSL_SNI_ABORT_ON_MISMATCH); - } #endif ssl = SSL_new(ctx); diff --git a/src/tls.c b/src/tls.c index 8cc4d3098..b902738ef 100644 --- a/src/tls.c +++ b/src/tls.c 
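Review bot: The renamed constant on the `+` line of the ssl.h hunk carries no comment saying what the option does or what happens when it is not set, and the bare `/* SNI options */` above the enum does not say either, which matters now that the name inverts the flag's meaning in a public header. I would replace that comment with `/* SNI options (bitmask). By default a ClientHello whose host_name does not match the one registered with CyaSSL_CTX_UseSNI is rejected with a fatal unrecognized_name alert; set CYASSL_SNI_CONTINUE_ON_MISMATCH to accept it and continue the handshake. */` — the default-reject behaviour is what the tls.c hunk further down appears to implement, so confirm the wording against it. Callers that still pass CYASSL_SNI_ABORT_ON_MISMATCH will now fail to compile, which is the right outcome for a flag whose polarity flipped, but the commit message should say that the default changed from accept to reject rather than reading as a plain rename.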
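Review bot: The new `if (sniHostName)` on the `+` line of the server.c hunk drops its braces around a nested `if`/`err_sys` pair, which is correct today but is exactly the shape where a later `else` silently binds to the inner `if`; I would fold the two conditions into one, `if (sniHostName && CyaSSL_CTX_UseSNI(ctx, CYASSL_SNI_HOST_NAME, sniHostName, XSTRLEN(sniHostName)))` followed by `err_sys("UseSNI failed");`, or keep the braces. With the `else` branch removed the example no longer exercises CyaSSL_CTX_SNI_SetOptions at all, so a one-line comment such as `/* a mismatched host_name is rejected by default; pass CYASSL_SNI_CONTINUE_ON_MISMATCH through CyaSSL_CTX_SNI_SetOptions to accept it */` would keep the example useful as API documentation — that default is what the tls.c hunk below seems to implement, so verify it before wording the comment. server_test() both begins and ends outside this hunk.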
@@ -708,10 +708,17 @@ static int TLSX_SNI_Parse(CYASSL* ssl, byte* input, word16 length, switch(type) { case CYASSL_SNI_HOST_NAME: - if ((sni->options & CYASSL_SNI_ABORT_ON_MISMATCH) - && ((XSTRLEN(sni->data.host_name) != size) - || XSTRNCMP(sni->data.host_name, - (const char *) input + offset, size))) { + if (XSTRLEN(sni->data.host_name) != size + || XSTRNCMP(sni->data.host_name, + (const char *) input + offset, size)) { + if (sni->options & CYASSL_SNI_CONTINUE_ON_MISMATCH) + break; + /** + * Better client thinks the server is not using SNI, + * instead of thinking that the host_name matched. + * No empty SNI response in this case. + */ + SendAlert(ssl, alert_fatal, unrecognized_name); return UNKNOWN_SNI_HOST_NAME_E;