Fixed parsing of server-sent SNI.

The old code could not handle an empty SNI extension that most servers
send. RFC 6066 prose instructs servers to send empty SNI extensions, and
the formal SNI grammar is apparently client-specific. We are not the
only ones being confused by that because there are severs that send
empty ServerNameLists, which are actually prohibited by the grammar.

diff --git a/src/security/Handshake.cc b/src/security/Handshake.cc
index 140745ff454675983b600d4b4eca89e32343d9d1..9909d3e64c15ed06c1f310a9328a9d9b8a21447e 100644 (file)
--- a/src/security/Handshake.cc
+++ b/src/security/Handshake.cc
@@ -408,6 +408,10 @@ Security::HandshakeParser::parseServerHelloHandshakeMessage(const SBuf &raw)
 SBuf
 Security::HandshakeParser::parseSniExtension(const SBuf &extensionData) const
 {
+    // Servers SHOULD send an empty SNI extension, not an empty ServerNameList!
+    if (extensionData.isEmpty())
+        return SBuf();
+
     BinaryTokenizer tkList(extensionData);
     const P16String list(tkList, "ServerNameList");