Add isc_tls_valid_sni_hostname()

Add a function that checks if a 'hostname' is not a valid IPv4 or IPv6
address. Returns 'true' if the hostname is likely a domain name, and
'false' if it represents an IP address.

diff --git a/lib/isc/include/isc/tls.h b/lib/isc/include/isc/tls.h
index 6de0152c49595d7f8f27dc754a3bcf5189c49668..50755ac2b1e911bf6393fe8b1773b88df863f126 100644 (file)
--- a/lib/isc/include/isc/tls.h
+++ b/lib/isc/include/isc/tls.h
@@ -608,6 +608,14 @@ isc_tlsctx_set_random_session_id_context(isc_tlsctx_t *ctx);
  *\li   'ctx' - a valid non-NULL pointer;
  */
 
+bool
+isc_tls_valid_sni_hostname(const char *hostname);
+/*%<
+ * Checks if a 'hostname' is not a valid IPv4 or IPv6 address
+ * string. Returns 'true' if the hostname is likely a domain name, and
+ * 'false' if it represents an IP address.
+ */
+
 #define isc_tlserr2result(category, module, funcname, fallback)            \
        isc__tlserr2result(category, module, funcname, fallback, __FILE__, \
                           __LINE__)

diff --git a/lib/isc/tls.c b/lib/isc/tls.c
index a52863e23ab152e022663c3fc6bf2274f42d79e1..1d1990a9530e669972a93eaa0683902328849574 100644 (file)
--- a/lib/isc/tls.c
+++ b/lib/isc/tls.c
@@ -1528,6 +1528,29 @@ isc_tlsctx_set_random_session_id_context(isc_tlsctx_t *ctx) {
                SSL_CTX_set_session_id_context(ctx, session_id_ctx, len) == 1);
 }
 
+bool
+isc_tls_valid_sni_hostname(const char *hostname) {
+       struct sockaddr_in sa_v4 = { 0 };
+       struct sockaddr_in6 sa_v6 = { 0 };
+       int ret = 0;
+
+       if (hostname == NULL) {
+               return false;
+       }
+
+       ret = inet_pton(AF_INET, hostname, &sa_v4.sin_addr);
+       if (ret == 1) {
+               return false;
+       }
+
+       ret = inet_pton(AF_INET6, hostname, &sa_v6.sin6_addr);
+       if (ret == 1) {
+               return false;
+       }
+
+       return true;
+}
+
 static isc_result_t
 isc__tls_toresult(isc_result_t fallback) {
        isc_result_t result = fallback;