From fc34b43d2939da581ac21d8ac2d097dabfb4866e Mon Sep 17 00:00:00 2001
From: Alex Rousskov
Date: Thu, 28 Apr 2016 18:27:45 -0600
Subject: [PATCH] Fixed parsing of server-sent SNI. The old code could not handle an empty SNI extension that most servers send. RFC 6066 prose instructs servers to send empty SNI extensions, and the formal SNI grammar is apparently client-specific. We are not the only ones being confused by that because there are severs that send empty ServerNameLists, which are actually prohibited by the grammar.
---
 src/security/Handshake.cc | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/security/Handshake.cc b/src/security/Handshake.cc
index 140745ff45..9909d3e64c 100644
--- a/src/security/Handshake.cc
+++ b/src/security/Handshake.cc
@@ -408,6 +408,10 @@ Security::HandshakeParser::parseServerHelloHandshakeMessage(const SBuf &raw)
 SBuf
 Security::HandshakeParser::parseSniExtension(const SBuf &extensionData) const
 {
+ // Servers SHOULD send an empty SNI extension, not an empty ServerNameList!
+ if (extensionData.isEmpty())
+ return SBuf();
+
 BinaryTokenizer tkList(extensionData);
 const P16String list(tkList, "ServerNameList");
 
--
2.47.2
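Review bot: The new `extensionData.isEmpty()` early return at the top of parseSniExtension() is not limited to server-sent extensions, so if this parser is also reached for ClientHello (not visible in this hunk), a client's empty SNI extension, which the commit message says the formal grammar does not allow, would now be treated as "no server name" instead of failing the parse. Where the parsed name feeds policy decisions, that leniency should be deliberate: either gate the shortcut on the message direction or state it in the comment, e.g. `// Also applies to client-sent SNI: an empty extension yields an empty name, not a parse error.` The commit message also mentions servers that send an empty ServerNameList, but only the empty-extension case is handled here; how an empty list is treated depends on the rest of the function body, which continues outside the hunk.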