What operating system and processor architecture are you using (go env)?
What did you do?
Through using golang.org/x/crypto/acme/autocert I noticed the TLS listener implementation uses a fatal-level internal_error alert to signal the client that it can't handle a servername.
What did you expect to see?
Ideally, the TLS implementation should be able to signal a TLS alert called unrecognized_name in response. In RFC6066 Section 3 the following is defined:
If the server understood the ClientHello extension but does not recognize the server name, the server SHOULD take one of two actions: either abort the handshake by sending a fatal-level unrecognized_name(112) alert or continue the handshake.
What did you see instead?
The TLS implementation currently doesn't support the unrecognized_name alert, and if it did, GetCertificate has no (documented) way of triggering it.
I'd also like to attempt to implement this myself. Any input on implementation is welcome.
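To see which alert actually goes on the wire, the following added example (not part of the original report and not Go project code) runs an in-memory crypto/tls handshake whose GetCertificate callback rejects every name, then reads the alert record the client received. The names `recordingConn`, `alertFor` and the host `unknown.example` are constructed for this illustration.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net"
)

// recordingConn keeps a copy of every byte the client reads from the server.
type recordingConn struct {
	net.Conn
	seen []byte
}

func (r *recordingConn) Read(p []byte) (int, error) {
	n, err := r.Conn.Read(p)
	r.seen = append(r.seen, p[:n]...)
	return n, err
}

// alertFor handshakes with a server whose GetCertificate always fails and
// returns the level and description of the alert record the server sent.
func alertFor(serverName string) (level, desc byte, err error) {
	cliSide, srvSide := net.Pipe()
	defer cliSide.Close()
	srv := tls.Server(srvSide, &tls.Config{
		GetCertificate: func(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
			return nil, errors.New("no certificate for " + h.ServerName)
		},
	})
	go func() { _ = srv.Handshake(); srvSide.Close() }()

	rec := &recordingConn{Conn: cliSide}
	cli := tls.Client(rec, &tls.Config{ServerName: serverName})
	if herr := cli.Handshake(); herr == nil {
		return 0, 0, errors.New("handshake unexpectedly succeeded")
	}
	// TLS record: type(1) version(2) length(2), then alert level(1) description(1).
	if len(rec.seen) < 7 || rec.seen[0] != 21 {
		return 0, 0, fmt.Errorf("first record is not an alert: % x", rec.seen)
	}
	return rec.seen[5], rec.seen[6], nil
}

func main() {
	level, desc, err := alertFor("unknown.example")
	fmt.Println(level, desc, err) // description 80 = internal_error, 112 = unrecognized_name
}
```

A client or monitoring system that sees description 80 cannot distinguish an unknown server name from a genuine server fault, which is the distinction the unrecognized_name(112) alert exists to carry.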