artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 09626e4) | patch
Avoid sending a trailing dot in SNI as a client
authortb <tb@openbsd.org>
Tue, 1 Jun 2021 20:14:17 +0000 (20:14 +0000)
committertb <tb@openbsd.org>
Tue, 1 Jun 2021 20:14:17 +0000 (20:14 +0000)
commitbac16b51aef00c10fe9cbc6d5f7347a01b97c587
tree93a3c0366fbfee1a5d437b3a0862ef11a49c7e60tree | snapshot
parent09626e4b2a457f977323e5080b5c925cb29b69e8commit | diff
Avoid sending a trailing dot in SNI as a client

While an FQDN includes a trailing dot for the zero-length label of
the root, SNI explicitly does not contain it. Contrary to other TLS
implementations, our tlsext_sni_is_valid_hostname() rejects a trailing
dot. The result is that LibreSSL TLS servers encountering an SNI with
trailing dot abort the connection with an illegal_parameter alert.

This fixes an issue reported by danj in nc(1) and by sthen in ftp(1).
DNS cluebat from florian.

ok jsing
lib/libtls/tls_client.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim