[BUG] tunnel/tls/server.go:acceptLoop 里 sni mismatch 错误消息有错误 #531
Comments
|
来个pr嘛 |
Ok. done. 不过感觉代码逻辑似乎还是有点问题。 似乎用户可以设置一个和证书里的 CommonName 以及 DNS Names 都不同的 sni,只要客户端/服务端配置一致就行。 那么证书的意义是什么呢? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
if s.verifySNI && !matched { return nil, common.NewError("sni mismatched: " + hello.ServerName + ", expected: " + s.sni) }说 expected s.sni,实际上,上面的检查匹配逻辑是:
所以,这个错误消息里的应该是:
expected := sni + " or " + strings.Join(dnsNames, "/")当然,这是简化处理。没有考虑 dnsNames 包含 sni。
The text was updated successfully, but these errors were encountered: