Remove automatic SNI extension fallback in WolfSSLEngineHelper

Only set Server Name Indication (SNI) extension when explicitly configured through SSLParameters. Remove automatic fallback logic that would set SNI based on hostname or peer address, as this could cause unexpected behavior and test failures. This change: - Fixes test failures in SSLSocketExplorerWithSrvSNI - Improves compatibility with standard JSSE behavior - Adds debug logging when SNI is not configured
wolfSSL · Jan 7, 2025 · a164fd9 · a164fd9
1 parent e138599
commit a164fd9
Showing 1 changed file with 2 additions and 31 deletions.
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java b/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java
@@ -904,38 +904,9 @@ else if (this.clientMode) {
                 if (sni != null) {
                     this.ssl.useSNI((byte)sni.getType(), sni.getEncoded());
                 }
-
             } else {
-                if (this.peerAddr != null && trustNameService) {
-                    WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
-                        "setting SNI extension with " +
-                        "InetAddress.getHostName(): " +
-                        this.peerAddr.getHostName());
-
-                    this.ssl.useSNI((byte)0,
-                        this.peerAddr.getHostName().getBytes());
-                }
-                else if (this.hostname != null) {
-                    if (peerAddr != null) {
-                        WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
-                            "jdk.tls.trustNameService not set to true, " +
-                            "not doing reverse DNS lookup to set SNI");
-                        WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
-                            "setting SNI extension with hostname: " +
-                            this.hostname);
-                    }
-                    else {
-                        WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
-                            "peerAddr is null, setting SNI extension with " +
-                            "hostname: " + this.hostname);
-                    }
-                    this.ssl.useSNI((byte)0, this.hostname.getBytes());
-
-                }
-                else {
-                    WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
-                        "hostname and peerAddr are null, not setting SNI");
-                }
+                WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+                    "No SNI configured through SSLParameters, not setting SNI");
             }
         }
     }