Revert "crypto/tls: don't send IP literals as SNI values."
This reverts commit a4dcc692011bf1ceca9b1a363fd83f3e59e399ee. Change-Id: Ib55fd349a604d6b5220dac20327501e1ce46b962 Reviewed-on: https://go-review.googlesource.com/16770 Reviewed-by: Adam Langley <agl@golang.org>
This commit is contained in:
parent
25dd71bbe6
commit
367577a70f
@ -286,8 +286,7 @@ type Config struct {
|
||||
|
||||
// ServerName is used to verify the hostname on the returned
|
||||
// certificates unless InsecureSkipVerify is given. It is also included
|
||||
// in the client's handshake to support virtual hosting unless it is
|
||||
// an IP address.
|
||||
// in the client's handshake to support virtual hosting.
|
||||
ServerName string
|
||||
|
||||
// ClientAuth determines the server's policy for
|
||||
|
@ -49,20 +49,13 @@ func (c *Conn) clientHandshake() error {
|
||||
return errors.New("tls: NextProtos values too large")
|
||||
}
|
||||
|
||||
sni := c.config.ServerName
|
||||
// IP address literals are not permitted as SNI values. See
|
||||
// https://tools.ietf.org/html/rfc6066#section-3.
|
||||
if net.ParseIP(sni) != nil {
|
||||
sni = ""
|
||||
}
|
||||
|
||||
hello := &clientHelloMsg{
|
||||
vers: c.config.maxVersion(),
|
||||
compressionMethods: []uint8{compressionNone},
|
||||
random: make([]byte, 32),
|
||||
ocspStapling: true,
|
||||
scts: true,
|
||||
serverName: sni,
|
||||
serverName: c.config.ServerName,
|
||||
supportedCurves: c.config.curvePreferences(),
|
||||
supportedPoints: []uint8{pointFormatUncompressed},
|
||||
nextProtoNeg: len(c.config.NextProtos) > 0,
|
||||
|
@ -600,30 +600,3 @@ func TestHandshakClientSCTs(t *testing.T) {
|
||||
}
|
||||
runClientTestTLS12(t, test)
|
||||
}
|
||||
|
||||
func TestNoIPAddressesInSNI(t *testing.T) {
|
||||
for _, ipLiteral := range []string{"1.2.3.4", "::1"} {
|
||||
c, s := net.Pipe()
|
||||
|
||||
go func() {
|
||||
client := Client(c, &Config{ServerName: ipLiteral})
|
||||
client.Handshake()
|
||||
}()
|
||||
|
||||
var header [5]byte
|
||||
if _, err := io.ReadFull(s, header[:]); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
recordLen := int(header[3])<<8 | int(header[4])
|
||||
|
||||
record := make([]byte, recordLen)
|
||||
if _, err := io.ReadFull(s, record[:]); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
s.Close()
|
||||
|
||||
if bytes.Index(record, []byte(ipLiteral)) != -1 {
|
||||
t.Errorf("IP literal %q found in ClientHello: %x", ipLiteral, record)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user