On 28/11/2018 21:03, Benjamin Kaduk via openssl-users wrote: > On Wed, Nov 28, 2018 at 08:48:10PM +0000, Jeremy Harris wrote: >> OpenSSL 1.1.1 FIPS 11 Sep 2018 >> RHEL 8.0 beta >> >> Using SSL_CTX_set_tlsext_servername_callback() >> when the called routine returns SSL_TLSEXT_ERR_NOACK >> I was expecting the handshake to fail. It carries >> on; am I doing something wrong? > > NOACK is basically "pretend that there wasn't a callback here"; > you should probably use SSL_TLSEXT_ERR_ALERT_FATAL to abort the > connection if you want the handshake to fail. Gotcha. - Thanks -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
