Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/tls: Dotted-quad Servername given in ServerNameList extension #13111

Closed
RalphCorderoy opened this issue Oct 30, 2015 · 9 comments
Closed

crypto/tls: Dotted-quad Servername given in ServerNameList extension #13111

RalphCorderoy opened this issue Oct 30, 2015 · 9 comments
Assignees
Milestone

Comments

@RalphCorderoy
Copy link

@RalphCorderoy RalphCorderoy commented Oct 30, 2015

http://tools.ietf.org/html/rfc6066#section-3 defines Server Name Indication and says «The hostname is represented as a byte string using ASCII encoding without a trailing dot... Literal IPv4 and IPv6 addresses are not permitted in "HostName"». I take that to mean a dotted-quad ASCII string isn't allowed, perhaps to avoid the ambiguity of it and the destination IP address differing. The alternative is it means a 32-bit IPv4 address cannot be given, but that's already ruled out by "ASCII encoding".

A tls.Dial("tcp", "3.1.4.1:5", ...) passes "3.1.4.1" in the TLS's ClientHello.

@ianlancetaylor ianlancetaylor added this to the Unplanned milestone Oct 30, 2015
@ianlancetaylor

This comment has been minimized.

Copy link
Contributor

@ianlancetaylor ianlancetaylor commented Oct 30, 2015

CC @agl

@agl agl self-assigned this Nov 9, 2015
@agl

This comment has been minimized.

Copy link
Contributor

@agl agl commented Nov 9, 2015

@gopherbot

This comment has been minimized.

Copy link

@gopherbot gopherbot commented Nov 9, 2015

CL https://golang.org/cl/16742 mentions this issue.

@agl agl closed this in a4dcc69 Nov 9, 2015
@RalphCorderoy

This comment has been minimized.

Copy link
Author

@RalphCorderoy RalphCorderoy commented Nov 10, 2015

The commit that closed this issue was promptly reverted by @agl, https://golang.org/cl/16770
What's the reason? I'd like to know if I misunderstood. Did it break a server that's expecting dotted quad?

@bradfitz

This comment has been minimized.

Copy link
Contributor

@bradfitz bradfitz commented Nov 10, 2015

Unknown. @agl?

@bradfitz bradfitz reopened this Nov 10, 2015
@gopherbot

This comment has been minimized.

Copy link

@gopherbot gopherbot commented Nov 10, 2015

CL https://golang.org/cl/16776 mentions this issue.

@agl agl closed this in 9f08b6c Nov 10, 2015
@willmo

This comment has been minimized.

Copy link

@willmo willmo commented Feb 19, 2016

@agl It's still broken for IPv6 literals with HTTPS, since HTTP encloses IPv6 literals in square brackets so that net.ParseIP can't recognize them.

I'm not sure if tls should handle square brackets, or if http should strip the brackets when setting ServerName, or what.

Should I reopen this issue, or create a new one?

@mikioh

This comment has been minimized.

Copy link
Contributor

@mikioh mikioh commented Feb 19, 2016

@willmo, please open a new issue.

@gopherbot

This comment has been minimized.

Copy link

@gopherbot gopherbot commented Feb 19, 2016

CL https://golang.org/cl/19704 mentions this issue.

gopherbot pushed a commit that referenced this issue Feb 27, 2016
This is a followup change to #13111 for filtering out IPv6 literals and
absolute FQDNs from being as the SNI values.

Updates #13111.
Fixes #14404.

Change-Id: I09ab8d2a9153d9a92147e57ca141f2e97ddcef6e
Reviewed-on: https://go-review.googlesource.com/19704
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
@golang golang locked and limited conversation to collaborators Feb 28, 2017
FiloSottile pushed a commit to FiloSottile/go that referenced this issue Oct 12, 2018
https://tools.ietf.org/html/rfc6066#section-3 states:

  “Literal IPv4 and IPv6 addresses are not permitted in "HostName".”

However, if an IP literal was set as Config.ServerName (which could
happen as easily as calling Dial with an IP address) then the code would
send the IP literal as the SNI value.

This change filters out IP literals, as recognised by net.ParseIP, from
being sent as the SNI value.

Fixes golang#13111.

Change-Id: Ie9ec7acc767ae172b48c9c6dd8d84fa27b1cf0de
Reviewed-on: https://go-review.googlesource.com/16742
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
FiloSottile pushed a commit to FiloSottile/go that referenced this issue Oct 12, 2018
(This relands commit a4dcc69.)

https://tools.ietf.org/html/rfc6066#section-3 states:

  “Literal IPv4 and IPv6 addresses are not permitted in "HostName".”

However, if an IP literal was set as Config.ServerName (which could
happen as easily as calling Dial with an IP address) then the code would
send the IP literal as the SNI value.

This change filters out IP literals, as recognised by net.ParseIP, from
being sent as the SNI value.

Fixes golang#13111.

Change-Id: I6e544a78a01388f8fe98150589d073b917087f75
Reviewed-on: https://go-review.googlesource.com/16776
Run-TryBot: Adam Langley <agl@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
FiloSottile pushed a commit to FiloSottile/go that referenced this issue Oct 12, 2018
https://tools.ietf.org/html/rfc6066#section-3 states:

  “Literal IPv4 and IPv6 addresses are not permitted in "HostName".”

However, if an IP literal was set as Config.ServerName (which could
happen as easily as calling Dial with an IP address) then the code would
send the IP literal as the SNI value.

This change filters out IP literals, as recognised by net.ParseIP, from
being sent as the SNI value.

Fixes golang#13111.

Change-Id: Ie9ec7acc767ae172b48c9c6dd8d84fa27b1cf0de
Reviewed-on: https://go-review.googlesource.com/16742
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
FiloSottile pushed a commit to FiloSottile/go that referenced this issue Oct 12, 2018
(This relands commit a4dcc69.)

https://tools.ietf.org/html/rfc6066#section-3 states:

  “Literal IPv4 and IPv6 addresses are not permitted in "HostName".”

However, if an IP literal was set as Config.ServerName (which could
happen as easily as calling Dial with an IP address) then the code would
send the IP literal as the SNI value.

This change filters out IP literals, as recognised by net.ParseIP, from
being sent as the SNI value.

Fixes golang#13111.

Change-Id: I6e544a78a01388f8fe98150589d073b917087f75
Reviewed-on: https://go-review.googlesource.com/16776
Run-TryBot: Adam Langley <agl@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
7 participants
You can’t perform that action at this time.