New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto/tls: Dotted-quad Servername given in ServerNameList extension #13111
Comments
CC @agl |
CL https://golang.org/cl/16742 mentions this issue. |
The commit that closed this issue was promptly reverted by @agl, https://golang.org/cl/16770 |
Unknown. @agl? |
CL https://golang.org/cl/16776 mentions this issue. |
@agl It's still broken for IPv6 literals with HTTPS, since HTTP encloses IPv6 literals in square brackets so that net.ParseIP can't recognize them. I'm not sure if tls should handle square brackets, or if http should strip the brackets when setting ServerName, or what. Should I reopen this issue, or create a new one? |
@willmo, please open a new issue. |
CL https://golang.org/cl/19704 mentions this issue. |
This is a followup change to #13111 for filtering out IPv6 literals and absolute FQDNs from being as the SNI values. Updates #13111. Fixes #14404. Change-Id: I09ab8d2a9153d9a92147e57ca141f2e97ddcef6e Reviewed-on: https://go-review.googlesource.com/19704 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
https://tools.ietf.org/html/rfc6066#section-3 states: “Literal IPv4 and IPv6 addresses are not permitted in "HostName".” However, if an IP literal was set as Config.ServerName (which could happen as easily as calling Dial with an IP address) then the code would send the IP literal as the SNI value. This change filters out IP literals, as recognised by net.ParseIP, from being sent as the SNI value. Fixes golang#13111. Change-Id: Ie9ec7acc767ae172b48c9c6dd8d84fa27b1cf0de Reviewed-on: https://go-review.googlesource.com/16742 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Adam Langley <agl@golang.org>
(This relands commit a4dcc69.) https://tools.ietf.org/html/rfc6066#section-3 states: “Literal IPv4 and IPv6 addresses are not permitted in "HostName".” However, if an IP literal was set as Config.ServerName (which could happen as easily as calling Dial with an IP address) then the code would send the IP literal as the SNI value. This change filters out IP literals, as recognised by net.ParseIP, from being sent as the SNI value. Fixes golang#13111. Change-Id: I6e544a78a01388f8fe98150589d073b917087f75 Reviewed-on: https://go-review.googlesource.com/16776 Run-TryBot: Adam Langley <agl@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Reviewed-by: Russ Cox <rsc@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
https://tools.ietf.org/html/rfc6066#section-3 states: “Literal IPv4 and IPv6 addresses are not permitted in "HostName".” However, if an IP literal was set as Config.ServerName (which could happen as easily as calling Dial with an IP address) then the code would send the IP literal as the SNI value. This change filters out IP literals, as recognised by net.ParseIP, from being sent as the SNI value. Fixes golang#13111. Change-Id: Ie9ec7acc767ae172b48c9c6dd8d84fa27b1cf0de Reviewed-on: https://go-review.googlesource.com/16742 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Adam Langley <agl@golang.org>
(This relands commit a4dcc69.) https://tools.ietf.org/html/rfc6066#section-3 states: “Literal IPv4 and IPv6 addresses are not permitted in "HostName".” However, if an IP literal was set as Config.ServerName (which could happen as easily as calling Dial with an IP address) then the code would send the IP literal as the SNI value. This change filters out IP literals, as recognised by net.ParseIP, from being sent as the SNI value. Fixes golang#13111. Change-Id: I6e544a78a01388f8fe98150589d073b917087f75 Reviewed-on: https://go-review.googlesource.com/16776 Run-TryBot: Adam Langley <agl@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Reviewed-by: Russ Cox <rsc@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
http://tools.ietf.org/html/rfc6066#section-3 defines Server Name Indication and says «The hostname is represented as a byte string using ASCII encoding without a trailing dot... Literal IPv4 and IPv6 addresses are not permitted in "HostName"». I take that to mean a dotted-quad ASCII string isn't allowed, perhaps to avoid the ambiguity of it and the destination IP address differing. The alternative is it means a 32-bit IPv4 address cannot be given, but that's already ruled out by "ASCII encoding".
A tls.Dial("tcp", "3.1.4.1:5", ...) passes "3.1.4.1" in the TLS's ClientHello.
The text was updated successfully, but these errors were encountered: