From a164fd9b0002f040d64b385dd3f2bb7edd8e38b9 Mon Sep 17 00:00:00 2001 From: Reda Chouk Date: Tue, 7 Jan 2025 17:47:15 +0100 Subject: [PATCH] Remove automatic SNI extension fallback in WolfSSLEngineHelper Only set Server Name Indication (SNI) extension when explicitly configured through SSLParameters. Remove automatic fallback logic that would set SNI based on hostname or peer address, as this could cause unexpected behavior and test failures. This change: - Fixes test failures in SSLSocketExplorerWithSrvSNI - Improves compatibility with standard JSSE behavior - Adds debug logging when SNI is not configured
---
 .../provider/jsse/WolfSSLEngineHelper.java | 33 ++----------------- 1 file changed, 2 insertions(+), 31 deletions(-)
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java b/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java
index 2b433189..7882c31c 100644
--- a/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java
@@ -904,38 +904,9 @@ else if (this.clientMode) {
 if (sni != null) {
 this.ssl.useSNI((byte)sni.getType(), sni.getEncoded());
 }
- } else {
- if (this.peerAddr != null && trustNameService) {
- WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
- "setting SNI extension with " +
- "InetAddress.getHostName(): " +
- this.peerAddr.getHostName());
-
- this.ssl.useSNI((byte)0,
- this.peerAddr.getHostName().getBytes());
- }
- else if (this.hostname != null) {
- if (peerAddr != null) {
- WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
- "jdk.tls.trustNameService not set to true, " +
- "not doing reverse DNS lookup to set SNI");
- WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
- "setting SNI extension with hostname: " +
- this.hostname);
- }
- else {
- WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
- "peerAddr is null, setting SNI extension with " +
- "hostname: " + this.hostname);
- }
- this.ssl.useSNI((byte)0, this.hostname.getBytes());
-
- }
- else {
- WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
- "hostname and peerAddr are null, not setting SNI");
- }
+ WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+ "No SNI configured through SSLParameters, not setting SNI");
 }
 }
 }
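Review bot: The added `WolfSSLDebug.log(...)` call comes directly after the closing brace of `if (sni != null)` while the `} else {` line is removed, so going by the braces visible in this hunk it now runs on the branch where SSLParameters did supply server names and would log "No SNI configured through SSLParameters, not setting SNI" right after `useSNI()` was called. The enclosing `if` opens outside the hunk and the indentation is lost on this page, so confirm against the file; if it holds, keep `} else {` in front of the log call so the message is emitted only when no names were configured. Separately, clients that relied on the hostname fallback will now send no SNI at all, so a virtual-hosted server may present its default certificate and endpoint identification can fail (or, where hostname verification is not enabled, the mismatch goes unnoticed); this deserves a sentence in the method's comment and the release notes telling callers to set names through `SSLParameters`. The `trustNameService` value is no longer read anywhere in this hunk, so its declaration, presumably above the hunk, is probably dead now and can be dropped.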