If a user provided callback to set_tlsext_servername_callback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it.
Unhandled exceptions now result in rejecting the connection.
Credit to Leury Castillo for reporting this issue.
If a user provided callback to
set_tlsext_servername_callbackraised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it.Unhandled exceptions now result in rejecting the connection.
Credit to Leury Castillo for reporting this issue.