diff options
| author | tb <> | 2021-06-01 20:14:17 +0000 | 
|---|---|---|
| committer | tb <> | 2021-06-01 20:14:17 +0000 | 
| commit | c71e98774db737758f9fd959db92ae9a73f610db (patch) | |
| tree | b6a01471dc4ae0b369c7831798a6388d9723e393 /src/lib/libcrypto/man/CMS_encrypt.3 | |
| parent | ee817e88df52a4debdacfb18945e17697591ba82 (diff) | |
| download | openbsd-c71e98774db737758f9fd959db92ae9a73f610db.tar.gz openbsd-c71e98774db737758f9fd959db92ae9a73f610db.tar.bz2 openbsd-c71e98774db737758f9fd959db92ae9a73f610db.zip | |
Avoid sending a trailing dot in SNI as a client
While an FQDN includes a trailing dot for the zero-length label of
the root, SNI explicitly does not contain it. Contrary to other TLS
implementations, our tlsext_sni_is_valid_hostname() rejects a trailing
dot. The result is that LibreSSL TLS servers encountering an SNI with
trailing dot abort the connection with an illegal_parameter alert.
This fixes an issue reported by danj in nc(1) and by sthen in ftp(1).
DNS cluebat from florian.
ok jsing
Diffstat (limited to 'src/lib/libcrypto/man/CMS_encrypt.3')
0 files changed, 0 insertions, 0 deletions
