path: root/src/lib/libssl/ssl_both.c
author: tb <> 2021-06-01 20:14:17 +0000
committer: tb <> 2021-06-01 20:14:17 +0000
commit: c71e98774db737758f9fd959db92ae9a73f610db
tree: b6a01471dc4ae0b369c7831798a6388d9723e393 /src/lib/libssl/ssl_both.c
parent: ee817e88df52a4debdacfb18945e17697591ba82
Avoid sending a trailing dot in SNI as a client

While an FQDN includes a trailing dot for the zero-length label of the root, SNI explicitly does not contain it. Contrary to other TLS implementations, our tlsext_sni_is_valid_hostname() rejects a trailing dot. The result is that LibreSSL TLS servers encountering an SNI with trailing dot abort the connection with an illegal_parameter alert.

This fixes an issue reported by danj in nc(1) and by sthen in ftp(1). DNS cluebat from florian.

ok jsing

Diffstat (limited to 'src/lib/libssl/ssl_both.c')
0 files changed, 0 insertions, 0 deletions
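
The behaviour the commit message describes, as an added example that is not LibreSSL code and not part of this commit: a client-side helper that leaves a single trailing root dot out of the name it sends in SNI, next to a strict server-side check that rejects empty labels. The function names `sni_name_len` and `sni_hostname_ok`, the exact validation rules and the sample hostname are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical client-side helper: length of the name to place in SNI,
 * with one trailing root dot of an FQDN left out. */
size_t
sni_name_len(const char *host)
{
	size_t len = strlen(host);

	if (len > 1 && host[len - 1] == '.')
		len--;
	return len;
}

/* Hypothetical strict server-side check: dot-separated letter/digit/hyphen
 * labels of 1..63 bytes, 255 bytes total. An empty label, and therefore a
 * trailing dot, is rejected. */
int
sni_hostname_ok(const char *name, size_t len)
{
	size_t i, label = 0;

	if (len == 0 || len > 255)
		return 0;
	for (i = 0; i < len; i++) {
		unsigned char c = (unsigned char)name[i];

		if (c == '.') {
			if (label == 0 || name[i - 1] == '-')
				return 0;
			label = 0;
		} else if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
		    (c >= '0' && c <= '9') || (c == '-' && label > 0)) {
			if (++label > 63)
				return 0;
		} else
			return 0;
	}
	return label > 0 && name[len - 1] != '-';
}

int
main(void)
{
	const char *host = "www.example.com.";	/* constructed sample input */

	printf("as typed:   %d\n", sni_hostname_ok(host, strlen(host)));
	printf("normalized: %d\n", sni_hostname_ok(host, sni_name_len(host)));
	return 0;
}
```

Only one dot is dropped, so a name ending in two dots still fails the check instead of being silently repaired.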