BUG: ssl: fix crt-list for clients not supporting SNI
authorEmmanuel Hocdet <manu@gandi.net>
Fri, 31 May 2013 10:47:44 +0000 (12:47 +0200)
committerWilly Tarreau <w@1wt.eu>
Fri, 31 May 2013 11:59:35 +0000 (13:59 +0200)
I left a mistake in my previous patch bringing the crt-list feature,
it breaks clients with no SNI support.

Also remove the useless wildp = NULL as per a previous discussion.

src/ssl_sock.c

index a99fe3f92191505a683d5cd568d5c9b4406fc54c..8a39dade31d8414bc251e13e63fe4196a3b2e0ec 100644 (file)
@@ -197,7 +197,7 @@ static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, struct bind_conf *s)
        if (!servername) {
                return (s->strict_sni ?
                        SSL_TLSEXT_ERR_ALERT_FATAL :
-                       SSL_TLSEXT_ERR_ALERT_WARNING);
+                       SSL_TLSEXT_ERR_NOACK);
        }
 
        for (i = 0; i < trash.size; i++) {
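Review bot: The no-SNI early return at `if (!servername)` has no comment, although the choice of return code is the whole fix and nothing on the new side records why. A line such as `/* no SNI: fatal alert if strict-sni, else NOACK so no alert is sent and the current ctx is kept */` above the test would keep a later cleanup from restoring SSL_TLSEXT_ERR_ALERT_WARNING, which the commit message says breaks clients with no SNI support, presumably because they abort on the warning alert. The strict_sni branch returns SSL_TLSEXT_ERR_ALERT_FATAL without writing `*al` in the visible lines, so the alert description is whatever the caller preloaded; it is worth confirming that this is intended. The body of ssl_sock_switchctx_cbk starts before this hunk and continues after it.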
@@ -218,7 +218,6 @@ static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, struct bind_conf *s)
                        node = n;
                        break;
                }
-               wildp = NULL; /* never match a wildcard after matching a neg */
        }
        if (!node && wildp) {
                /* lookup in wildcards names */