-
Notifications
You must be signed in to change notification settings - Fork 26
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Parsing server SNI response fails #11
Comments
Indeed, the specification allows empty data for server. Thanks for the report! I can think of two solutions (not mutually exclusive):
|
I think having two functions would be clearer - especially if there are extensions that differ even more (say Client sends a list of strings, server responds with a numeric index). Two functions would allow exposing I'd imagine this would also be somewhat simpler change for parsing even if it would require duplicating most of the current id-to-extension mapping. The problem otherwise would be that id To avoid source code breakage with existing consumers, I guess But in the end if all of this sounds/ends up being too complicated, I do think allowing empty |
Looking at the code (and based on the behavior I'm witnessing), the
parse_tls_extension_sni_content
requires the 16-bit length to be present unconditionally for the SNI extension parsing to succeed:tls-parser/src/tls_extensions.rs
Lines 239 to 246 in 867e9d0
However the server is supposed to leave the extension data empty when it responds to the client:
Given the extension data may differ between client/server hello, I'd guess there would be some need for context specific parsing implementation.
Currently I'm working around this by grabbing the header length by hand and parsing each extension individually, which allows me to skip the failing SNI here.
The text was updated successfully, but these errors were encountered: