Avoid sending a trailing dot in SNI as a client - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2021-06-01 20:14:17 +0000
committer	tb <>	2021-06-01 20:14:17 +0000
commit	9e887183c2a90e6f5fe6b6767d78096483dd5345 (patch)
tree	b6a01471dc4ae0b369c7831798a6388d9723e393 /src/lib/libc/stdlib/system.c
parent	d9330d78516c910d1d1883d9da890f600bce7a02 (diff)
download	openbsd-9e887183c2a90e6f5fe6b6767d78096483dd5345.tar.gz openbsd-9e887183c2a90e6f5fe6b6767d78096483dd5345.tar.bz2 openbsd-9e887183c2a90e6f5fe6b6767d78096483dd5345.zip

Avoid sending a trailing dot in SNI as a client

While an FQDN includes a trailing dot for the zero-length label of the root, SNI explicitly does not contain it. Contrary to other TLS implementations, our tlsext_sni_is_valid_hostname() rejects a trailing dot. The result is that LibreSSL TLS servers encountering an SNI with trailing dot abort the connection with an illegal_parameter alert. This fixes an issue reported by danj in nc(1) and by sthen in ftp(1). DNS cluebat from florian. ok jsing

Diffstat (limited to 'src/lib/libc/stdlib/system.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: