tdlight-team/tdlight
tdlight-team/tdlight
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Do not send IP address in SNI.

Browse Source 
GitOrigin-RevId: ff01b1f5f9219e34b0cacdf8acd49bf4e5a3daa2
This commit is contained in:
levlam 2020-05-16 17:50:58 +03:00
parent e58d423af1
commit 7bdff46710
3 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
tdnet/td/net/SslStream.cpp
View File

@ -10,6 +10,7 @@
#include "td/utils/common.h" #include "td/utils/common.h"
#include "td/utils/logging.h" #include "td/utils/logging.h"
#include "td/utils/misc.h" #include "td/utils/misc.h"
#include "td/utils/port/IPAddress.h"
#include "td/utils/port/wstring_convert.h" #include "td/utils/port/wstring_convert.h"
#include "td/utils/StackAllocator.h" #include "td/utils/StackAllocator.h"
#include "td/utils/Status.h" #include "td/utils/Status.h"
@ -318,6 +319,8 @@ class SslStreamImpl {
SSL_free(ssl_handle); SSL_free(ssl_handle);
}; };
auto r_ip_address = IPAddress::get_ip_address(host);
#if OPENSSL_VERSION_NUMBER >= 0x10002000L #if OPENSSL_VERSION_NUMBER >= 0x10002000L
X509_VERIFY_PARAM *param = SSL_get0_param(ssl_handle); X509_VERIFY_PARAM *param = SSL_get0_param(ssl_handle);
/* Enable automatic hostname checks */ /* Enable automatic hostname checks */
@ -333,8 +336,10 @@ class SslStreamImpl {
SSL_set_bio(ssl_handle, bio, bio); SSL_set_bio(ssl_handle, bio, bio);
#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT) #if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
if (r_ip_address.is_error()) { // IP address must not be send as SNI
auto host_str = host.str(); auto host_str = host.str();
SSL_set_tlsext_host_name(ssl_handle, MutableCSlice(host_str).begin()); SSL_set_tlsext_host_name(ssl_handle, MutableCSlice(host_str).begin());
}
#endif #endif
SSL_set_connect_state(ssl_handle); SSL_set_connect_state(ssl_handle);

2
tdutils/td/utils/port/IPAddress.h
View File

@ -49,9 +49,9 @@ class IPAddress {
IPAddress get_any_addr() const; IPAddress get_any_addr() const;
static Result<IPAddress> get_ip_address(CSlice host); // host must be any IPv4 or IPv6
static Result<IPAddress> get_ipv4_address(CSlice host); static Result<IPAddress> get_ipv4_address(CSlice host);
static Result<IPAddress> get_ipv6_address(CSlice host); static Result<IPAddress> get_ipv6_address(CSlice host);
static Result<IPAddress> get_ip_address(CSlice host); // host must be any IPv4 or IPv6
Status init_ipv6_port(CSlice ipv6, int port) TD_WARN_UNUSED_RESULT; Status init_ipv6_port(CSlice ipv6, int port) TD_WARN_UNUSED_RESULT;
Status init_ipv6_as_ipv4_port(CSlice ipv4, int port) TD_WARN_UNUSED_RESULT; Status init_ipv6_as_ipv4_port(CSlice ipv4, int port) TD_WARN_UNUSED_RESULT;

4
test/mtproto.cpp
View File

@ -86,10 +86,12 @@ TEST(Mtproto, GetHostByNameActor) {
" ", " ",
"a", "a",
"\x80", "\x80",
"[]",
"127.0.0.1.", "127.0.0.1.",
"0x12.0x34.0x56.0x78", "0x12.0x34.0x56.0x78",
"0x7f.001", "0x7f.001",
"2001:0db8:85a3:0000:0000:8a2e:0370:7334"}; "2001:0db8:85a3:0000:0000:8a2e:0370:7334",
"[2001:0db8:85a3:0000:0000:8a2e:0370:7334]"};
for (auto types : {vector<GetHostByNameActor::ResolverType>{GetHostByNameActor::ResolverType::Native}, for (auto types : {vector<GetHostByNameActor::ResolverType>{GetHostByNameActor::ResolverType::Native},
vector<GetHostByNameActor::ResolverType>{GetHostByNameActor::ResolverType::Google}, vector<GetHostByNameActor::ResolverType>{GetHostByNameActor::ResolverType::Google},
vector<GetHostByNameActor::ResolverType>{GetHostByNameActor::ResolverType::Google, vector<GetHostByNameActor::ResolverType>{GetHostByNameActor::ResolverType::Google,