The old code could not handle an empty SNI extension that most servers
send. RFC 6066 prose instructs servers to send empty SNI extensions, and
the formal SNI grammar is apparently client-specific. We are not the
only ones being confused by that because there are servers that send
empty ServerNameLists, which are actually prohibited by the grammar.
SBuf
Security::HandshakeParser::parseSniExtension(const SBuf &extensionData) const
{
+ // Servers SHOULD send an empty SNI extension, not an empty ServerNameList!
+ if (extensionData.isEmpty())
+ return SBuf();
+
BinaryTokenizer tkList(extensionData);
const P16String list(tkList, "ServerNameList");
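
Review bot: The new isEmpty() early return at the top of parseSniExtension() accepts a zero-length extension from any sender, while the commit message describes the empty extension as something servers send. The function signature carries no indication of whether extensionData came from a client or a server hello, so an empty extension in a client hello is also silently treated as "no name"; if that is intended, state it in the comment, otherwise let the caller make the distinction. Separately, the commit message mentions servers that send an empty ServerNameList: that input is not empty at the extension level, so it bypasses this check and still reaches the P16String list parsing, and the visible lines do not show how a zero-length list is handled afterwards. A test case for each of the two inputs would help, and the comment could cite RFC 6066 so the "SHOULD" is traceable.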