
Do not send IP address as server_name entries and skip non-fatal (warning) alerts when negotiating. Fix bug #8553
commit 95f73a7d368cfed9380fad557a87b65cdde030f1 1 parent 33c50ac
@spouliot spouliot authored
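--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Client/TlsClientHello.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Client/TlsClientHello.cs
@@ -23,6 +23,7 @@
 //
 using System;
+using System.Net;
 using System.Security.Cryptography;
 namespace Mono.Security.Protocol.Tls.Handshake.Client
@@ -112,9 +113,17 @@ protected override void ProcessAsTls1()
 {
 ProcessAsSsl3 ();
+ // If applicable add the "server_name" extension to the hello message
 // http://www.ietf.org/rfc/rfc3546.txt
+ string host = Context.ClientSettings.TargetHost;
+ // Our TargetHost might be an address (not a host *name*) - see bug #8553
+ // RFC3546 -> Literal IPv4 and IPv6 addresses are not permitted in "HostName".
+ IPAddress addr;
+ if (IPAddress.TryParse (host, out addr))
+ return;
+
 TlsStream extensions = new TlsStream ();
- byte[] server_name = System.Text.Encoding.UTF8.GetBytes (Context.ClientSettings.TargetHost);
+ byte[] server_name = System.Text.Encoding.UTF8.GetBytes (host);
 extensions.Write ((short) 0x0000); // ExtensionType: server_name (0)
 extensions.Write ((short) (server_name.Length + 5)); // ServerNameList (length)
 extensions.Write ((short) (server_name.Length + 3)); // ServerName (length)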
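Review bot: The early `return` on the IP-literal path in ProcessAsTls1 exits the whole method, not just the server_name block, so anything the method writes after the extension (its body continues past this hunk) would also be skipped for address targets. Inverting the test and wrapping the extension code keeps the skip scoped to SNI. The same guard could also cover a null or empty TargetHost, for example `if (!String.IsNullOrEmpty (host) && !IPAddress.TryParse (host, out addr)) { ... }`. Whether TargetHost can be null or empty is not visible here, but `GetBytes (host)` throws on null and an empty string would emit a zero-length HostName. Separately, the unchanged `(short)` casts on the length fields would silently truncate a very long host name, so a length check before writing is worth adding.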
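--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslClientStream.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslClientStream.cs
@@ -291,10 +291,10 @@ internal override IAsyncResult OnBeginNegotiateHandshake(AsyncCallback callback,
 }
 }
- private void SafeReceiveRecord (Stream s)
+ private void SafeReceiveRecord (Stream s, bool ignoreEmpty = false)
 {
 byte[] record = this.protocol.ReceiveRecord (s);
- if ((record == null) || (record.Length == 0)) {
+ if (!ignoreEmpty && ((record == null) || (record.Length == 0))) {
 throw new TlsException (
 AlertDescription.HandshakeFailiure,
 "The server stopped the handshake.");
@@ -308,8 +308,8 @@ internal override void OnNegotiateHandshakeCallback(IAsyncResult asyncResult)
 // Read server response
 while (this.context.LastHandshakeMsg != HandshakeType.ServerHelloDone)
 {
- // Read next record
- SafeReceiveRecord (this.innerStream);
+ // Read next record (skip empty, e.g. warnings alerts)
+ SafeReceiveRecord (this.innerStream, true);
 // special case for abbreviated handshake where no ServerHelloDone is sent from the server
 if (this.context.AbbreviatedHandshake && (this.context.LastHandshakeMsg == HandshakeType.ServerHello))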
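Review bot: With `ignoreEmpty` set to true, the `while` loop in OnNegotiateHandshakeCallback no longer fails on a null or empty record, so a peer that keeps sending warning alerts could hold the client in the handshake read loop with no bound. The same would apply to a peer that closes the connection, if ReceiveRecord returns null at end of stream, which is not visible here. The flag also treats `record == null` and `record.Length == 0` alike; keeping the throw for null and skipping only empty records would read `if ((record == null) || (!ignoreEmpty && (record.Length == 0))) {`. A cap on consecutive skipped records in the loop would bound the warning-alert case. Both method bodies continue outside the hunks, so how the rest of SafeReceiveRecord handles a null `record` should be confirmed.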