Enforce that SNI hostnames be correct as per rfc 6066 and 5980.

Correct SNI alerts to differentiate between illegal parameter and an unknown name. ok tb@`
author: beck <> 2020-05-23 17:13:24 +0000
committer: beck <> 2020-05-23 17:13:24 +0000
commit: ce471c0da7f905a6a1c11b47e709a521f8a706af (patch)
tree: cc3cb487c96b80cc2e522f8bfd09a58f7d2f7ab2 /src/lib/libssl/ssl_tlsext.h
parent: 6aaa71524fb63f15a7b380ada15b019cfa250176 (diff)
download: openbsd-ce471c0da7f905a6a1c11b47e709a521f8a706af.tar.gz
openbsd-ce471c0da7f905a6a1c11b47e709a521f8a706af.tar.bz2
openbsd-ce471c0da7f905a6a1c11b47e709a521f8a706af.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_tlsext.h b/src/lib/libssl/ssl_tlsext.h
index aa40f6b1a6..15e0257e63 100644
--- a/src/lib/libssl/ssl_tlsext.h
+++ b/src/lib/libssl/ssl_tlsext.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.h,v 1.22 2020/01/25 12:58:27 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.h,v 1.23 2020/05/23 17:13:24 beck Exp $ */
 /*
 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -58,6 +58,7 @@ int tlsext_sni_client_parse(SSL *s, CBS *cbs, int *alert);
 int tlsext_sni_server_needs(SSL *s);
 int tlsext_sni_server_build(SSL *s, CBB *cbb);
 int tlsext_sni_server_parse(SSL *s, CBS *cbs, int *alert);
+int tlsext_sni_is_valid_hostname(CBS *cbs);
 int tlsext_supportedgroups_client_needs(SSL *s);
 int tlsext_supportedgroups_client_build(SSL *s, CBB *cbb);
author	beck <>	2020-05-23 17:13:24 +0000
committer	beck <>	2020-05-23 17:13:24 +0000
commit	ce471c0da7f905a6a1c11b47e709a521f8a706af (patch)
tree	cc3cb487c96b80cc2e522f8bfd09a58f7d2f7ab2 /src/lib/libssl/ssl_tlsext.h
parent	6aaa71524fb63f15a7b380ada15b019cfa250176 (diff)
download	openbsd-ce471c0da7f905a6a1c11b47e709a521f8a706af.tar.gz openbsd-ce471c0da7f905a6a1c11b47e709a521f8a706af.tar.bz2 openbsd-ce471c0da7f905a6a1c11b47e709a521f8a706af.zip