[glib-networking/glib-2-70] Do not fill SNI extension with IP address



commit 59764f733066dd006db1f70177b2959b7af07bfe
Author: Matteo Biggio <biggio amazon com>
Date:   Wed Dec 29 17:50:54 2021 +0100

    Do not fill SNI extension with IP address
    
    Sending a "ClientHello" message with an SNI extension containing
    an IP address is forbidden by RFC 4366:
    https://datatracker.ietf.org/doc/html/rfc4366#section-3.1
    
    Part-of: <https://gitlab.gnome.org/GNOME/glib-networking/-/merge_requests/200>
    
    
    (cherry picked from commit 85a4db53e20c3f7b3a83cc7cf0c915f8482dc3a6)

 tls/gnutls/gtlsclientconnection-gnutls.c   | 2 +-
 tls/openssl/gtlsclientconnection-openssl.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/tls/gnutls/gtlsclientconnection-gnutls.c b/tls/gnutls/gtlsclientconnection-gnutls.c
index bd67fc10..9045270b 100644
--- a/tls/gnutls/gtlsclientconnection-gnutls.c
+++ b/tls/gnutls/gtlsclientconnection-gnutls.c
@@ -347,7 +347,7 @@ g_tls_client_connection_gnutls_set_property (GObject      *object,
       gnutls->server_identity = g_value_dup_object (value);
 
       hostname = get_server_identity (gnutls);
-      if (hostname)
+      if (hostname && !g_hostname_is_ip_address (hostname))
         {
           gnutls_session_t session = g_tls_connection_gnutls_get_session (G_TLS_CONNECTION_GNUTLS (gnutls));
 
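Review bot: The new `!g_hostname_is_ip_address (hostname)` guard carries no comment saying why IP literals are skipped, and the same bare condition is added in tls/openssl/gtlsclientconnection-openssl.c. A one-line comment above each `if` would keep a later cleanup from dropping the check, for example `/* SNI carries DNS host names only; literal IPv4/IPv6 addresses are not permitted (RFC 6066 section 3, which obsoletes RFC 4366). */`. The braced block opened under the `if` continues past the end of this hunk, so it is not visible whether it holds only the SNI call. Anything else in that block that depends on `hostname` is now skipped for IP identities as well, and certificate identity checking for an IP address should not depend on this branch being taken.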
diff --git a/tls/openssl/gtlsclientconnection-openssl.c b/tls/openssl/gtlsclientconnection-openssl.c
index 50f67ef2..67713977 100644
--- a/tls/openssl/gtlsclientconnection-openssl.c
+++ b/tls/openssl/gtlsclientconnection-openssl.c
@@ -524,7 +524,7 @@ g_tls_client_connection_openssl_initable_init (GInitable       *initable,
   SSL_set_ex_data (client->ssl, data_index, client);
 
 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
-  if (hostname)
+  if (hostname && !g_hostname_is_ip_address (hostname))
     SSL_set_tlsext_host_name (client->ssl, hostname);
 #endif
 
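Review bot: The result of `SSL_set_tlsext_host_name (client->ssl, hostname)` is discarded, so if setting the extension fails the handshake proceeds without SNI and nothing records it. The call returns 1 on success and 0 on error, so the guarded statement could become `if (SSL_set_tlsext_host_name (client->ssl, hostname) != 1)` followed by a warning or an error return. The init function's parameter list is cut off in the hunk header and its body starts and ends outside the hunk, so whether an error out-parameter is available here should be confirmed. Note also that when `SSL_CTRL_SET_TLSEXT_HOSTNAME` is not defined the whole branch compiles away silently, which is worth a short comment.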

