Merge pull request #10332 from jackctj117/SNI

tls.c: send missing_extension alert on TLS 1.3 SNI absence
This commit is contained in:
Sean Parkinson
2026-05-27 08:37:05 +10:00
committed by GitHub
+8 -2
View File
@@ -2593,7 +2593,10 @@ static int TLSX_SNI_VerifyParse(WOLFSSL* ssl, byte isRequest)
continue;
}
SendAlert(ssl, alert_fatal, handshake_failure);
SendAlert(ssl, alert_fatal,
IsAtLeastTLSv1_3(ssl->version)
? missing_extension
: handshake_failure);
WOLFSSL_ERROR_VERBOSE(SNI_ABSENT_ERROR);
return SNI_ABSENT_ERROR;
}
@@ -2604,7 +2607,10 @@ static int TLSX_SNI_VerifyParse(WOLFSSL* ssl, byte isRequest)
if (ssl_sni->status != WOLFSSL_SNI_NO_MATCH)
continue;
SendAlert(ssl, alert_fatal, handshake_failure);
SendAlert(ssl, alert_fatal,
IsAtLeastTLSv1_3(ssl->version)
? missing_extension
: handshake_failure);
WOLFSSL_ERROR_VERBOSE(SNI_ABSENT_ERROR);
return SNI_ABSENT_ERROR;
}