Merge pull request #461 from dcooper16/tls_sockets_and_no_SNI

Fix tls_sockets() when SNI empty

testssl.sh

@@ -5747,6 +5747,7 @@ socksend_tls_clienthello() {
                fi
           done
 
+          if [[ -n "$SNI" ]]; then
                #formatted example for SNI
                #00 00    # extension server_name
                #00 1a    # length                      = the following +2 = server_name length + 5
@@ -5761,6 +5762,7 @@ socksend_tls_clienthello() {
                len_servername_hex=$(printf "%02x\n" $len_servername)
                len_sni_listlen=$(printf "%02x\n" $((len_servername+3)))
                len_sni_ext=$(printf "%02x\n" $((len_servername+5)))
+          fi
 
           extension_signature_algorithms="
           00, 0d,                    # Type: signature_algorithms , see RFC 5246
@@ -5790,15 +5792,19 @@ socksend_tls_clienthello() {
           01, 00"
           
           all_extensions="
-           00, 00                  # extension server_name
+           $extension_heartbeat
+          ,$extension_session_ticket
+          ,$extension_next_protocol"
+
+          if [[ -n "$SNI" ]]; then
+               all_extensions="$all_extensions
+               ,00, 00                  # extension server_name
                ,00, $len_sni_ext        # length SNI EXT
                ,00, $len_sni_listlen    # server_name list_length
                ,00                      # server_name type (hostname)
                ,00, $len_servername_hex # server_name length. We assume len(hostname) < FF - 9
-          ,$servername_hexstr      # server_name target
+               ,$servername_hexstr"     # server_name target
-          ,$extension_heartbeat
+          fi
-          ,$extension_session_ticket
-          ,$extension_next_protocol"
 
           # RFC 5246 says that clients MUST NOT offer the signature algorithms
           # extension if they are offering TLS versions prior to 1.2.