|
@@ -234,10 +234,16 @@ func (srv *Server) handleConn(hs *http.Server, c net.Conn, h http.Handler) {
|
|
|
return
|
|
return
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
- // Client must use SNI:
|
|
|
|
|
if sc.tlsState.ServerName == "" {
|
|
if sc.tlsState.ServerName == "" {
|
|
|
- sc.rejectConn(ErrCodeProtocol, "client didn't use SNI")
|
|
|
|
|
- return
|
|
|
|
|
|
|
+ // Client must use SNI, but we don't enforce that anymore,
|
|
|
|
|
+ // since it was causing problems when connecting to bare IP
|
|
|
|
|
+ // addresses during development.
|
|
|
|
|
+ //
|
|
|
|
|
+ // TODO: optionally enforce? Or enforce at the time we receive
|
|
|
|
|
+ // a new request, and verify the the ServerName matches the :authority?
|
|
|
|
|
+ // But that precludes proxy situations, perhaps.
|
|
|
|
|
+ //
|
|
|
|
|
+ // So for now, do nothing here again.
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
if isBadCipher(sc.tlsState.CipherSuite) {
|
|
if isBadCipher(sc.tlsState.CipherSuite) {
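Review bot: The `if sc.tlsState.ServerName == "" {` branch now holds only a comment, so a connection without SNI proceeds silently; the check was relaxed for development against bare IP addresses, yet the relaxation applies to every deployment. Until the TODO is resolved, handlers and any host-based routing or access policy cannot treat the TLS ServerName as present or as agreeing with the request's `:authority`, and the comment should say so, e.g. `// NOTE: ServerName may be empty and is not checked against :authority; do not base routing or authorization on it.` Making enforcement opt-in through a server option, as the TODO already suggests, would keep the strict behaviour available for production. The comment also has a doubled word ("verify the the ServerName"), and linters will flag the empty `if`, so the comment could sit directly above the `isBadCipher` check instead. handleConn's body starts and ends outside this hunk.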
|