changed CYASSL_SNI_ABORT_ON_MISMATCH to CYASSL_SNI_CONTINUE_ON_MISMATCH

cyassl/ssl.h

@@ -944,7 +944,7 @@ CYASSL_API int CyaSSL_CTX_UseSNI(CYASSL_CTX* ctx, unsigned char type,
 #ifndef NO_CYASSL_SERVER
 /* SNI options */
 enum {
-    CYASSL_SNI_ABORT_ON_MISMATCH = 0x01
+    CYASSL_SNI_CONTINUE_ON_MISMATCH = 0x01
 };
 
 CYASSL_API void CyaSSL_SNI_SetOptions(CYASSL* ssl, unsigned char type,

examples/server/server.c

@@ -408,14 +408,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
 #endif
 
 #ifdef HAVE_SNI
-    if (sniHostName) {
+    if (sniHostName)
         if (CyaSSL_CTX_UseSNI(ctx, CYASSL_SNI_HOST_NAME, sniHostName,
                                                           XSTRLEN(sniHostName)))
             err_sys("UseSNI failed");
-        else
-            CyaSSL_CTX_SNI_SetOptions(ctx, CYASSL_SNI_HOST_NAME,
-                                                  CYASSL_SNI_ABORT_ON_MISMATCH);
-    }
 #endif
 
     ssl = SSL_new(ctx);

src/tls.c

@@ -708,10 +708,17 @@ static int TLSX_SNI_Parse(CYASSL* ssl, byte* input, word16 length,
 
         switch(type) {
             case CYASSL_SNI_HOST_NAME:
-                if ((sni->options & CYASSL_SNI_ABORT_ON_MISMATCH)
+                if (XSTRLEN(sni->data.host_name) != size
-                    &&  ((XSTRLEN(sni->data.host_name) != size)
                     || XSTRNCMP(sni->data.host_name,
-                                        (const char *) input + offset, size))) {
+                                         (const char *) input + offset, size)) {
+                    if (sni->options & CYASSL_SNI_CONTINUE_ON_MISMATCH)
+                        break;
+                        /**
+                         * Better client thinks the server is not using SNI,
+                         * instead of thinking that the host_name matched.
+                         * No empty SNI response in this case.
+                         */
+
                     SendAlert(ssl, alert_fatal, unrecognized_name);
 
                     return UNKNOWN_SNI_HOST_NAME_E;