SNI: reset to default server if requested host was not found. Not only this is consistent with a case without SNI, but this also prevents abusing configurations that assume that the $host variable is limited to one of the configured names for a server. An example of potentially unsafe configuration: server { listen 443 ssl default_server; ... } server { listen 443; server_name example.com; location / { proxy_pass http://$host; } } Note: it is possible to negotiate "example.com" by SNI, and to request arbitrary host name that does not exist in the configuration above.

/*
 * Copyright (C) Igor Sysoev
 * Copyright (C) Nginx, Inc.
 */


#ifndef _NGX_SHA1_H_INCLUDED_
#define _NGX_SHA1_H_INCLUDED_


#include <ngx_config.h>
#include <ngx_core.h>


#if (NGX_HAVE_OPENSSL_SHA1_H)
#include <openssl/sha.h>
#else
#include <sha.h>
#endif


typedef SHA_CTX  ngx_sha1_t;


#define ngx_sha1_init    SHA1_Init
#define ngx_sha1_update  SHA1_Update
#define ngx_sha1_final   SHA1_Final


#endif /* _NGX_SHA1_H_INCLUDED_ */