default cert fallback without SNI

The protocol specification requires that clients do not use SNI when
IP addresses are used instead of domains.

closes https://github.com/mbrubeck/agate/pull/433

Co-authored-by: oooo-ps <l.trk@tuta.io>
Johann150 2026-04-03 19:30:52 +02:00
parent 2d6dac4a2f
commit d4f7867724
No known key found for this signature in database
GPG key ID: 9EE6577A2A06F8F1

@ -222,8 +222,12 @@ impl ResolvesServerCert for CertStore {
.map(|(_, k)| k)
.cloned()
} else {
// This kind of resolver requires SNI.
None
// Fallback to default cert. Due to the certificate loading logic,
// the fallback cert is always the last one, if it is present.
match self.certs.last() {
Some((domain, key)) if domain.is_empty() => Some(key.clone()),
_ => None,
}
}
}
}
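
Review bot: the `self.certs.last()` fallback in the `else` branch depends on an ordering invariant (the default cert is always the last entry and has an empty domain) that is stated only in the comment and enforced by loading code outside this hunk. If the loading order ever changes, this branch quietly goes back to returning `None` for clients that send no SNI. Consider selecting by key rather than by position, for example `self.certs.iter().find(|(domain, _)| domain.is_empty())`, or keeping the default cert in its own field, and add a test that a ClientHello without a server name resolves to the default cert. This branch is also taken for every ClientHello that lacks SNI, not only for connections made by IP address as the commit message describes, so the comment should say that any such client is served the default certificate.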