Revert "crypto/tls: don't send IP literals as SNI values."
This reverts commit a4dcc692011bf1ceca9b1a363fd83f3e59e399ee. Change-Id: Ib55fd349a604d6b5220dac20327501e1ce46b962 Reviewed-on: https://go-review.googlesource.com/16770 Reviewed-by: Adam Langley <agl@golang.org>
parent
25dd71bbe6
commit
367577a70f
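--- a/<crypto/tls file; path not shown on page: type Config>
+++ b/<crypto/tls file; path not shown on page: type Config>
@@ -286,8 +286,7 @@ type Config struct {
 
 // ServerName is used to verify the hostname on the returned
 // certificates unless InsecureSkipVerify is given. It is also included
-// in the client's handshake to support virtual hosting unless it is
-// an IP address.
+// in the client's handshake to support virtual hosting.
 ServerName string
 
 // ClientAuth determines the server's policy for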
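--- a/<crypto/tls file; path not shown on page: clientHandshake>
+++ b/<crypto/tls file; path not shown on page: clientHandshake>
@@ -49,20 +49,13 @@ func (c *Conn) clientHandshake() error {
 return errors.New("tls: NextProtos values too large")
 }
 
-sni := c.config.ServerName
-// IP address literals are not permitted as SNI values. See
-// https://tools.ietf.org/html/rfc6066#section-3.
-if net.ParseIP(sni) != nil {
-sni = ""
-}
-
 hello := &clientHelloMsg{
 vers: c.config.maxVersion(),
 compressionMethods: []uint8{compressionNone},
 random: make([]byte, 32),
 ocspStapling: true,
 scts: true,
-serverName: sni,
+serverName: c.config.ServerName,
 supportedCurves: c.config.curvePreferences(),
 supportedPoints: []uint8{pointFormatUncompressed},
 nextProtoNeg: len(c.config.NextProtos) > 0,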
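Review bot: With `serverName: c.config.ServerName` restored, the ClientHello's server_name extension once again carries ServerName verbatim, including IP literals, which the removed comment notes RFC 6066 section 3 does not permit as SNI values; the commit message records only that this is a revert, not what the guard broke, so a reader of this line cannot tell the omission is intentional. Suggest a short why-comment on the field, e.g. `// Sent as-is: RFC 6066 §3 disallows IP literals in SNI, but filtering them here was reverted (see commit message).`, and a sentence in the commit description naming the motivation for the revert. The page shows no hunk touching the `net` import; presumably `net` is still used elsewhere in the file, but that is worth confirming, since the removed `net.ParseIP` call was its only use within this hunk. clientHandshake begins and ends outside the hunk.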
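--- a/<crypto/tls test file; path not shown on page: TestHandshakClientSCTs>
+++ b/<crypto/tls test file; path not shown on page: TestHandshakClientSCTs>
@@ -600,30 +600,3 @@ func TestHandshakClientSCTs(t *testing.T) {
 }
 runClientTestTLS12(t, test)
 }
-
-func TestNoIPAddressesInSNI(t *testing.T) {
-for _, ipLiteral := range []string{"1.2.3.4", "::1"} {
-c, s := net.Pipe()
-
-go func() {
-client := Client(c, &Config{ServerName: ipLiteral})
-client.Handshake()
-}()
-
-var header [5]byte
-if _, err := io.ReadFull(s, header[:]); err != nil {
-t.Fatal(err)
-}
-recordLen := int(header[3])<<8 | int(header[4])
-
-record := make([]byte, recordLen)
-if _, err := io.ReadFull(s, record[:]); err != nil {
-t.Fatal(err)
-}
-s.Close()
-
-if bytes.Index(record, []byte(ipLiteral)) != -1 {
-t.Errorf("IP literal %q found in ClientHello: %x", ipLiteral, record)
-}
-}
-}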