crypto/tls: Dotted-quad Servername given in ServerNameList extension #13111
Labels
Milestone
Comments
|
CC @agl |
|
CL https://golang.org/cl/16742 mentions this issue. |
|
The commit that closed this issue was promptly reverted by @agl, https://golang.org/cl/16770 |
|
Unknown. @agl? |
|
CL https://golang.org/cl/16776 mentions this issue. |
|
@agl It's still broken for IPv6 literals with HTTPS, since HTTP encloses IPv6 literals in square brackets so that net.ParseIP can't recognize them. I'm not sure if tls should handle square brackets, or if http should strip the brackets when setting ServerName, or what. Should I reopen this issue, or create a new one? |
|
@willmo, please open a new issue. |
|
CL https://golang.org/cl/19704 mentions this issue. |
gopherbot
pushed a commit
that referenced
this issue
Feb 27, 2016
This is a followup change to #13111 for filtering out IPv6 literals and absolute FQDNs from being as the SNI values. Updates #13111. Fixes #14404. Change-Id: I09ab8d2a9153d9a92147e57ca141f2e97ddcef6e Reviewed-on: https://go-review.googlesource.com/19704 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
FiloSottile
pushed a commit
to FiloSottile/go
that referenced
this issue
Oct 12, 2018
https://tools.ietf.org/html/rfc6066#section-3 states: “Literal IPv4 and IPv6 addresses are not permitted in "HostName".” However, if an IP literal was set as Config.ServerName (which could happen as easily as calling Dial with an IP address) then the code would send the IP literal as the SNI value. This change filters out IP literals, as recognised by net.ParseIP, from being sent as the SNI value. Fixes golang#13111. Change-Id: Ie9ec7acc767ae172b48c9c6dd8d84fa27b1cf0de Reviewed-on: https://go-review.googlesource.com/16742 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Adam Langley <agl@golang.org>
FiloSottile
pushed a commit
to FiloSottile/go
that referenced
this issue
Oct 12, 2018
(This relands commit a4dcc69.) https://tools.ietf.org/html/rfc6066#section-3 states: “Literal IPv4 and IPv6 addresses are not permitted in "HostName".” However, if an IP literal was set as Config.ServerName (which could happen as easily as calling Dial with an IP address) then the code would send the IP literal as the SNI value. This change filters out IP literals, as recognised by net.ParseIP, from being sent as the SNI value. Fixes golang#13111. Change-Id: I6e544a78a01388f8fe98150589d073b917087f75 Reviewed-on: https://go-review.googlesource.com/16776 Run-TryBot: Adam Langley <agl@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Reviewed-by: Russ Cox <rsc@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
FiloSottile
pushed a commit
to FiloSottile/go
that referenced
this issue
Oct 12, 2018
https://tools.ietf.org/html/rfc6066#section-3 states: “Literal IPv4 and IPv6 addresses are not permitted in "HostName".” However, if an IP literal was set as Config.ServerName (which could happen as easily as calling Dial with an IP address) then the code would send the IP literal as the SNI value. This change filters out IP literals, as recognised by net.ParseIP, from being sent as the SNI value. Fixes golang#13111. Change-Id: Ie9ec7acc767ae172b48c9c6dd8d84fa27b1cf0de Reviewed-on: https://go-review.googlesource.com/16742 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Adam Langley <agl@golang.org>
FiloSottile
pushed a commit
to FiloSottile/go
that referenced
this issue
Oct 12, 2018
(This relands commit a4dcc69.) https://tools.ietf.org/html/rfc6066#section-3 states: “Literal IPv4 and IPv6 addresses are not permitted in "HostName".” However, if an IP literal was set as Config.ServerName (which could happen as easily as calling Dial with an IP address) then the code would send the IP literal as the SNI value. This change filters out IP literals, as recognised by net.ParseIP, from being sent as the SNI value. Fixes golang#13111. Change-Id: I6e544a78a01388f8fe98150589d073b917087f75 Reviewed-on: https://go-review.googlesource.com/16776 Run-TryBot: Adam Langley <agl@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Reviewed-by: Russ Cox <rsc@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
http://tools.ietf.org/html/rfc6066#section-3 defines Server Name Indication and says «The hostname is represented as a byte string using ASCII encoding without a trailing dot... Literal IPv4 and IPv6 addresses are not permitted in "HostName"». I take that to mean a dotted-quad ASCII string isn't allowed, perhaps to avoid the ambiguity of it and the destination IP address differing. The alternative is it means a 32-bit IPv4 address cannot be given, but that's already ruled out by "ASCII encoding".
A tls.Dial("tcp", "3.1.4.1:5", ...) passes "3.1.4.1" in the TLS's ClientHello.
The text was updated successfully, but these errors were encountered: