Remove checking of SNI headers

This is only useful when we used the [] proxy because the GFE requires SNI during handshake in order to request the client certificate. The GCP proxy does not need this (it always requests the client certificate). We do not need to check for its existence. Also removed the checking of internal headers for ssl cert hash used only by the [] proxy. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=213059027
2026-01-11 00:10:36 +00:00 · 2018-09-14 16:01:56 -07:00
parent 8cdba74cab
commit 8d675a4b8c
10 changed files with 17 additions and 79 deletions
--- a/java/google/registry/flows/EppTlsAction.java
+++ b/java/google/registry/flows/EppTlsAction.java
@@ -43,11 +43,6 @@ public class EppTlsAction implements Runnable {

  @Override
  public void run() {
-    // Check that SNI header is present. This is a signal that we're receiving traffic proxied by a
-    // GFE, which is the expectation of this servlet. The value is unused.
-    if (!tlsCredentials.hasSni()) {
-      logger.atWarning().log("Request did not include required SNI header.");
-    }
    eppRequestHandler.executeEpp(
        new HttpSessionMetadata(session),
        tlsCredentials,