c++ - SSL_CTX_set_tlsext_servername_callback callback function not being called
I am writing an HTTPS server and need the host name from the client before SSL_accept(), using SNI. I am using SSL_CTX_set_tlsext_servername_callback() to receive the host name, but the callback is not called. Here is part of the code:
    #include <stdio.h>
    #include <openssl/ssl.h>

    // Server Name Indication callback for OpenSSL; the library invokes it
    // during the handshake once the ClientHello has been parsed.
    static int ServerNameCallback(SSL *ssl, int *ad, void *arg)
    {
        if (ssl == NULL)
            return SSL_TLSEXT_ERR_NOACK;

        // NULL when the client sent no SNI extension, so guard the printf.
        const char *servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
        printf("ServerName: %s\n", servername ? servername : "(none)");

        return SSL_TLSEXT_ERR_OK;  // accept the default context
    }

    int main()
    {
        // some code
        const SSL_METHOD *method;
        SSL_CTX *ctx;

        method = SSLv3_server_method();
        ctx = SSL_CTX_new(method);
        if (ctx == NULL) {
            printf("SSL_CTX_new() error\n");
        }

        int ret = SSL_CTX_set_tlsext_servername_callback(ctx, ServerNameCallback);
        return 0;
    }
You don't call the callback you registered with SSL_CTX_set_tlsext_servername_callback yourself. The OpenSSL library invokes it during the handshake.

Your SNI callback will not be called for SSLv2 and SSLv3 clients. That's because SNI is a TLS extension.

If the client is Windows XP (or similar clients that don't use the TLS extension), the SNI callback is invoked, but servername is NULL. In that case, you should use the default server context.

If the client is using TLS and sends a server name, the SNI callback is invoked. In the callback, you should (1) determine if the default certificate and context are OK. If they are OK, return SSL_TLSEXT_ERR_OK. (2) If you can provide a more appropriate certificate, use SSL_set_SSL_CTX to swap in the new context and return SSL_TLSEXT_ERR_OK.

If you experience an error (like a NULL servername), you should return SSL_TLSEXT_ERR_NOACK. There are 2 other error codes you can return. Both are fatal to the connection, IIRC.

Implementation details of the callback are given at Serving multiple domains in one box with SNI.
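As an added example (not code from the question or the answer), the three-case dispatch the answer describes, written against the Python ssl module, whose SSLContext.sni_callback is a wrapper over the same OpenSSL servername callback: no SNI keeps the default context, a known name swaps in that host's context (the SSL_set_SSL_CTX step), an unknown name falls back to the default. The host names and the empty contexts are constructed for the demo, and the strict mode is an addition beyond the answer's scheme; a real server would load a certificate chain into each context.

```python
import ssl

def make_sni_callback(vhosts, strict=False):
    """Build an SSLContext.sni_callback. vhosts maps lower-cased host names
    to the SSLContext holding that name's certificate; strict=True (beyond the
    answer's scheme) rejects unknown names instead of serving the default."""
    def sni_callback(sslobj, server_name, initial_ctx):
        if server_name is None:
            # Client sent no SNI extension (SSLv3, old Windows XP): OpenSSL
            # passes NULL, Python passes None. Keep the default context.
            return None
        ctx = vhosts.get(server_name.lower())
        if ctx is None:
            if strict:
                return ssl.ALERT_DESCRIPTION_UNRECOGNIZED_NAME  # fatal alert
            return None  # default certificate is acceptable
        if ctx is not initial_ctx:
            # A better certificate exists: swap contexts, the Python
            # equivalent of SSL_set_SSL_CTX() in the C callback.
            sslobj.context = ctx
        return None  # None is the Python spelling of SSL_TLSEXT_ERR_OK
    return sni_callback

def build_server_context(host_names, strict=False):
    """Create the default (listening) context plus one per virtual host
    and install the SNI callback on the default context."""
    default_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    vhosts = {n.lower(): ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) for n in host_names}
    callback = make_sni_callback(vhosts, strict)
    default_ctx.sni_callback = callback
    return default_ctx, vhosts, callback

class _FakeSSLObject:
    """Stand-in for the SSLSocket the library hands to the callback."""
    def __init__(self, ctx):
        self.context = ctx

def simulate(server_name, strict=False):
    """Invoke the callback as OpenSSL would during a handshake and report
    (callback result, which context ends up selected). Constructed host names."""
    default_ctx, vhosts, callback = build_server_context(
        ["www.example.test", "mail.example.test"], strict)
    sock = _FakeSSLObject(default_ctx)
    result = callback(sock, server_name, default_ctx)
    selected = next((n for n, c in vhosts.items() if sock.context is c), "default")
    return result, selected
```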