Revert "crypto/tls: don't send IP literals as SNI values."

This reverts commit a4dcc692011bf1ceca9b1a363fd83f3e59e399ee.

Change-Id: Ib55fd349a604d6b5220dac20327501e1ce46b962
Reviewed-on: https://go-review.googlesource.com/16770
Reviewed-by: Adam Langley <agl@golang.org>
This commit is contained in:
Adam Langley 2015-11-09 15:16:12 -08:00
parent 25dd71bbe6
commit 367577a70f
3 changed files with 2 additions and 37 deletions

View File

@ -286,8 +286,7 @@ type Config struct {
// ServerName is used to verify the hostname on the returned
// certificates unless InsecureSkipVerify is given. It is also included
// in the client's handshake to support virtual hosting unless it is
// an IP address.
// in the client's handshake to support virtual hosting.
ServerName string
// ClientAuth determines the server's policy for

View File

@ -49,20 +49,13 @@ func (c *Conn) clientHandshake() error {
return errors.New("tls: NextProtos values too large")
}
sni := c.config.ServerName
// IP address literals are not permitted as SNI values. See
// https://tools.ietf.org/html/rfc6066#section-3.
if net.ParseIP(sni) != nil {
sni = ""
}
hello := &clientHelloMsg{
vers: c.config.maxVersion(),
compressionMethods: []uint8{compressionNone},
random: make([]byte, 32),
ocspStapling: true,
scts: true,
serverName: sni,
serverName: c.config.ServerName,
supportedCurves: c.config.curvePreferences(),
supportedPoints: []uint8{pointFormatUncompressed},
nextProtoNeg: len(c.config.NextProtos) > 0,

View File

@ -600,30 +600,3 @@ func TestHandshakClientSCTs(t *testing.T) {
}
runClientTestTLS12(t, test)
}
func TestNoIPAddressesInSNI(t *testing.T) {
for _, ipLiteral := range []string{"1.2.3.4", "::1"} {
c, s := net.Pipe()
go func() {
client := Client(c, &Config{ServerName: ipLiteral})
client.Handshake()
}()
var header [5]byte
if _, err := io.ReadFull(s, header[:]); err != nil {
t.Fatal(err)
}
recordLen := int(header[3])<<8 | int(header[4])
record := make([]byte, recordLen)
if _, err := io.ReadFull(s, record[:]); err != nil {
t.Fatal(err)
}
s.Close()
if bytes.Index(record, []byte(ipLiteral)) != -1 {
t.Errorf("IP literal %q found in ClientHello: %x", ipLiteral, record)
}
}
}