[glib-networking/no-ip-in-sni: 2/2] Do not fill SNI extension with IP address
- From: Ignacio Casal Quinteiro <icq src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib-networking/no-ip-in-sni: 2/2] Do not fill SNI extension with IP address
- Date: Fri, 31 Dec 2021 08:39:40 +0000 (UTC)
commit b6bf72806097ccf0ddeb892f68ce10e1d15483ec
Author: Matteo Biggio <biggio amazon com>
Date: Wed Dec 29 17:50:54 2021 +0100
Do not fill SNI extension with IP address
Sending a "ClientHello" message with an SNI extension containing
the IP address is forbidden, according to RFC 4366:
https://datatracker.ietf.org/doc/html/rfc4366#section-3.1
tls/gnutls/gtlsclientconnection-gnutls.c | 2 +-
tls/openssl/gtlsclientconnection-openssl.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/tls/gnutls/gtlsclientconnection-gnutls.c b/tls/gnutls/gtlsclientconnection-gnutls.c
index bd67fc10..9045270b 100644
--- a/tls/gnutls/gtlsclientconnection-gnutls.c
+++ b/tls/gnutls/gtlsclientconnection-gnutls.c
@@ -347,7 +347,7 @@ g_tls_client_connection_gnutls_set_property (GObject *object,
gnutls->server_identity = g_value_dup_object (value);
hostname = get_server_identity (gnutls);
- if (hostname)
+ if (hostname && !g_hostname_is_ip_address (hostname))
{
gnutls_session_t session = g_tls_connection_gnutls_get_session (G_TLS_CONNECTION_GNUTLS (gnutls));
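Review bot: The new condition `if (hostname && !g_hostname_is_ip_address (hostname))` skips the SNI setup for IP literals without saying why at the call site. A one-line comment above it, stating that literal IPv4 and IPv6 addresses are not permitted in the server_name extension (RFC 4366 section 3.1, carried over in RFC 6066 section 3), would keep a later cleanup from dropping the check as redundant.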
diff --git a/tls/openssl/gtlsclientconnection-openssl.c b/tls/openssl/gtlsclientconnection-openssl.c
index 2fc8149f..263596b8 100644
--- a/tls/openssl/gtlsclientconnection-openssl.c
+++ b/tls/openssl/gtlsclientconnection-openssl.c
@@ -520,7 +520,7 @@ g_tls_client_connection_openssl_initable_init (GInitable *initable,
SSL_set_ex_data (client->ssl, data_index, client);
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
- if (hostname)
+ if (hostname && !g_hostname_is_ip_address (hostname))
SSL_set_tlsext_host_name (client->ssl, hostname);
#endif
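Review bot: The `hostname && !g_hostname_is_ip_address (hostname)` test here is a second copy of the one in the GnuTLS backend, and the diffstat lists only the two backend source files, so no test exercises either copy. Suggest adding a test case that sets an IP-address server identity and checks that no server name is sent, run against both backends. A small shared helper for the "should SNI be sent" decision would also keep the two copies from drifting apart.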