Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/tls, net/http: HTTPS + IPv6 literal == bogus SNI #14404

Closed
willmo opened this issue Feb 19, 2016 · 1 comment
Closed

crypto/tls, net/http: HTTPS + IPv6 literal == bogus SNI #14404

willmo opened this issue Feb 19, 2016 · 1 comment
Milestone

Comments

@willmo
Copy link

willmo commented Feb 19, 2016

Following up #13111, in Go 1.6 the SNI is still incorrectly sent when using IPv6 literals with HTTPS. HTTP encloses IPv6 literals in square brackets, but when tls prepares to send the SNI it uses net.ParseIP to check for address literals, and that doesn't know about square brackets. Hence the bracket-enclosed literal ends up being sent as the SNI.

I'm not sure if tls should handle square brackets (like x509.Certificate.VerifyHostname does), or if http should strip the brackets before setting ServerName (i.e. in tlsHost()), or what.

@mikioh mikioh added this to the Go1.7 milestone Feb 19, 2016
@willmo willmo changed the title crypto/tls (or net/http?): HTTPS + IPv6 literal == bogus SNI crypto/tls, net/http: HTTPS + IPv6 literal == bogus SNI Feb 19, 2016
@gopherbot
Copy link

CL https://golang.org/cl/19704 mentions this issue.

@golang golang locked and limited conversation to collaborators Feb 28, 2017
FiloSottile pushed a commit to FiloSottile/go that referenced this issue Oct 12, 2018
This is a followup change to golang#13111 for filtering out IPv6 literals and
absolute FQDNs from being as the SNI values.

Updates golang#13111.
Fixes golang#14404.

Change-Id: I09ab8d2a9153d9a92147e57ca141f2e97ddcef6e
Reviewed-on: https://go-review.googlesource.com/19704
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
FiloSottile pushed a commit to FiloSottile/go that referenced this issue Oct 12, 2018
This is a followup change to golang#13111 for filtering out IPv6 literals and
absolute FQDNs from being as the SNI values.

Updates golang#13111.
Fixes golang#14404.

Change-Id: I09ab8d2a9153d9a92147e57ca141f2e97ddcef6e
Reviewed-on: https://go-review.googlesource.com/19704
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

3 participants