Do not send IP address in SNI.
GitOrigin-RevId: ff01b1f5f9219e34b0cacdf8acd49bf4e5a3daa2
parent
e58d423af1
commit
7bdff46710
@ -10,6 +10,7 @@
|
|||||||
#include "td/utils/common.h"
|
#include "td/utils/common.h"
|
||||||
#include "td/utils/logging.h"
|
#include "td/utils/logging.h"
|
||||||
#include "td/utils/misc.h"
|
#include "td/utils/misc.h"
|
||||||
|
#include "td/utils/port/IPAddress.h"
|
||||||
#include "td/utils/port/wstring_convert.h"
|
#include "td/utils/port/wstring_convert.h"
|
||||||
#include "td/utils/StackAllocator.h"
|
#include "td/utils/StackAllocator.h"
|
||||||
#include "td/utils/Status.h"
|
#include "td/utils/Status.h"
|
||||||
@ -318,6 +319,8 @@ class SslStreamImpl {
|
|||||||
SSL_free(ssl_handle);
|
SSL_free(ssl_handle);
|
||||||
};
|
};
|
||||||
|
|
||||||
|
auto r_ip_address = IPAddress::get_ip_address(host);
|
||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||||
X509_VERIFY_PARAM *param = SSL_get0_param(ssl_handle);
|
X509_VERIFY_PARAM *param = SSL_get0_param(ssl_handle);
|
||||||
/* Enable automatic hostname checks */
|
/* Enable automatic hostname checks */
|
||||||
@ -333,8 +336,10 @@ class SslStreamImpl {
|
|||||||
SSL_set_bio(ssl_handle, bio, bio);
|
SSL_set_bio(ssl_handle, bio, bio);
|
||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
|
#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
|
||||||
|
if (r_ip_address.is_error()) { // IP address must not be send as SNI
|
||||||
auto host_str = host.str();
|
auto host_str = host.str();
|
||||||
SSL_set_tlsext_host_name(ssl_handle, MutableCSlice(host_str).begin());
|
SSL_set_tlsext_host_name(ssl_handle, MutableCSlice(host_str).begin());
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
SSL_set_connect_state(ssl_handle);
|
SSL_set_connect_state(ssl_handle);
|
||||||
|
|
||||||
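Review bot: The new `r_ip_address.is_error()` guard around `SSL_set_tlsext_host_name` covers only the SNI extension; the certificate name check set up under `/* Enable automatic hostname checks */` is not touched by this commit, and its remaining lines are outside the hunk. If that code passes `host` to `X509_VERIFY_PARAM_set1_host`, an IP literal is compared against DNS names only and will not match an iPAddress subjectAltName, so `r_ip_address.is_ok()` should probably select `X509_VERIFY_PARAM_set1_ip_asc(param, ...)` there. Separately, `r_ip_address` is declared outside both `#if` blocks and would be unused in a build without TLSEXT. The comment on the guard should read `// an IP address must not be sent as SNI`.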
|
@ -49,9 +49,9 @@ class IPAddress {
|
|||||||
|
|
||||||
IPAddress get_any_addr() const;
|
IPAddress get_any_addr() const;
|
||||||
|
|
||||||
|
static Result<IPAddress> get_ip_address(CSlice host); // host must be any IPv4 or IPv6
|
||||||
static Result<IPAddress> get_ipv4_address(CSlice host);
|
static Result<IPAddress> get_ipv4_address(CSlice host);
|
||||||
static Result<IPAddress> get_ipv6_address(CSlice host);
|
static Result<IPAddress> get_ipv6_address(CSlice host);
|
||||||
static Result<IPAddress> get_ip_address(CSlice host); // host must be any IPv4 or IPv6
|
|
||||||
|
|
||||||
Status init_ipv6_port(CSlice ipv6, int port) TD_WARN_UNUSED_RESULT;
|
Status init_ipv6_port(CSlice ipv6, int port) TD_WARN_UNUSED_RESULT;
|
||||||
Status init_ipv6_as_ipv4_port(CSlice ipv4, int port) TD_WARN_UNUSED_RESULT;
|
Status init_ipv6_as_ipv4_port(CSlice ipv4, int port) TD_WARN_UNUSED_RESULT;
|
||||||
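Review bot: The trailing comment on `get_ip_address`, `// host must be any IPv4 or IPv6`, does not say which textual forms are accepted or what an error result means, yet after this commit SslStreamImpl treats an error as "this is a host name, send it as SNI". If that is the intended contract, state it above the declaration, for example `// Parses host as an IPv4 or IPv6 literal; returns an error if host is not an IP literal`, plus a line on whether a bracketed `[...]` IPv6 form is accepted. If bracketed literals are rejected, a host written that way would still be sent in SNI. That needs confirming against the implementation, which is not shown on this page.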
|
@ -86,10 +86,12 @@ TEST(Mtproto, GetHostByNameActor) {
|
|||||||
" ",
|
" ",
|
||||||
"a",
|
"a",
|
||||||
"\x80",
|
"\x80",
|
||||||
|
"[]",
|
||||||
"127.0.0.1.",
|
"127.0.0.1.",
|
||||||
"0x12.0x34.0x56.0x78",
|
"0x12.0x34.0x56.0x78",
|
||||||
"0x7f.001",
|
"0x7f.001",
|
||||||
"2001:0db8:85a3:0000:0000:8a2e:0370:7334"};
|
"2001:0db8:85a3:0000:0000:8a2e:0370:7334",
|
||||||
|
"[2001:0db8:85a3:0000:0000:8a2e:0370:7334]"};
|
||||||
for (auto types : {vector<GetHostByNameActor::ResolverType>{GetHostByNameActor::ResolverType::Native},
|
for (auto types : {vector<GetHostByNameActor::ResolverType>{GetHostByNameActor::ResolverType::Native},
|
||||||
vector<GetHostByNameActor::ResolverType>{GetHostByNameActor::ResolverType::Google},
|
vector<GetHostByNameActor::ResolverType>{GetHostByNameActor::ResolverType::Google},
|
||||||
vector<GetHostByNameActor::ResolverType>{GetHostByNameActor::ResolverType::Google,
|
vector<GetHostByNameActor::ResolverType>{GetHostByNameActor::ResolverType::Google,
|
||||||
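Review bot: The two added inputs, `"[]"` and the bracketed IPv6 literal, exercise GetHostByNameActor only; nothing in this section pins the IP-versus-name classification that the SNI guard now depends on. A short test calling `IPAddress::get_ip_address` on this same list, asserting `is_ok()` for the plain literals and `is_error()` for names such as `"a"`, would keep the resolver and the SNI decision in step. Whether such a test already exists elsewhere cannot be told from this page. The TEST body starts before the hunk and continues past it.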
|