From affbf85699ab249e4fb8453cbc98d0cd4c0180ae Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Wed, 9 Feb 2022 12:33:25 +0100 Subject: [PATCH] internal: don't attempt to lookup SNI Certificate if no SNI is sent Signed-off-by: Jens Langhammer --- internal/outpost/proxyv2/proxyv2.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/internal/outpost/proxyv2/proxyv2.go b/internal/outpost/proxyv2/proxyv2.go index 7863b4660..916a9fca0 100644 --- a/internal/outpost/proxyv2/proxyv2.go +++ b/internal/outpost/proxyv2/proxyv2.go @@ -102,7 +102,11 @@ func (ps *ProxyServer) GetCertificate(serverName string) *tls.Certificate { } func (ps *ProxyServer) getCertificates(info *tls.ClientHelloInfo) (*tls.Certificate, error) { - appCert := ps.GetCertificate(info.ServerName) + sn := info.ServerName + if sn == "" { + return &ps.defaultCert, nil + } + appCert := ps.GetCertificate(sn) if appCert == nil { return &ps.defaultCert, nil }