Do not send IP address in SNI.

GitOrigin-RevId: ff01b1f5f9219e34b0cacdf8acd49bf4e5a3daa2
2020-05-16 17:50:58 +03:00 · 2020-05-16 17:50:58 +03:00 · 7bdff46710
commit 7bdff46710
parent e58d423af1
3 changed files with 11 additions and 4 deletions
--- a/tdnet/td/net/SslStream.cpp
+++ b/tdnet/td/net/SslStream.cpp
@ -10,6 +10,7 @@
 #include "td/utils/common.h"
 #include "td/utils/logging.h"
 #include "td/utils/misc.h"
+#include "td/utils/port/IPAddress.h"
 #include "td/utils/port/wstring_convert.h"
 #include "td/utils/StackAllocator.h"
 #include "td/utils/Status.h"
@ -318,6 +319,8 @@ class SslStreamImpl {
      SSL_free(ssl_handle);
    };

+    auto r_ip_address = IPAddress::get_ip_address(host);
+
 #if OPENSSL_VERSION_NUMBER >= 0x10002000L
    X509_VERIFY_PARAM *param = SSL_get0_param(ssl_handle);
    /* Enable automatic hostname checks */
@ -333,8 +336,10 @@ class SslStreamImpl {
    SSL_set_bio(ssl_handle, bio, bio);

 #if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
-    auto host_str = host.str();
-    SSL_set_tlsext_host_name(ssl_handle, MutableCSlice(host_str).begin());
+    if (r_ip_address.is_error()) {  // IP address must not be send as SNI
+      auto host_str = host.str();
+      SSL_set_tlsext_host_name(ssl_handle, MutableCSlice(host_str).begin());
+    }
 #endif
    SSL_set_connect_state(ssl_handle);

--- a/tdutils/td/utils/port/IPAddress.h
+++ b/tdutils/td/utils/port/IPAddress.h
@ -49,9 +49,9 @@ class IPAddress {

  IPAddress get_any_addr() const;

+  static Result<IPAddress> get_ip_address(CSlice host);  // host must be any IPv4 or IPv6
  static Result<IPAddress> get_ipv4_address(CSlice host);
  static Result<IPAddress> get_ipv6_address(CSlice host);
-  static Result<IPAddress> get_ip_address(CSlice host);  // host must be any IPv4 or IPv6

  Status init_ipv6_port(CSlice ipv6, int port) TD_WARN_UNUSED_RESULT;
  Status init_ipv6_as_ipv4_port(CSlice ipv4, int port) TD_WARN_UNUSED_RESULT;
--- a/test/mtproto.cpp
+++ b/test/mtproto.cpp
@ -86,10 +86,12 @@ TEST(Mtproto, GetHostByNameActor) {
                                      " ",
                                      "a",
                                      "\x80",
+                                      "[]",
                                      "127.0.0.1.",
                                      "0x12.0x34.0x56.0x78",
                                      "0x7f.001",
-                                      "2001:0db8:85a3:0000:0000:8a2e:0370:7334"};
+                                      "2001:0db8:85a3:0000:0000:8a2e:0370:7334",
+                                      "[2001:0db8:85a3:0000:0000:8a2e:0370:7334]"};
    for (auto types : {vector<GetHostByNameActor::ResolverType>{GetHostByNameActor::ResolverType::Native},
                       vector<GetHostByNameActor::ResolverType>{GetHostByNameActor::ResolverType::Google},
                       vector<GetHostByNameActor::ResolverType>{GetHostByNameActor::ResolverType::Google,