Add isc_tls_valid_sni_hostname()

Add a function that checks if a 'hostname' is not a valid IPv4 or IPv6
address. Returns 'true' if the hostname is likely a domain name, and
'false' if it represents an IP address.

(cherry picked from commit 1f199ee60654e5cf47821f3b96b980bff34769bc)

diff --git a/lib/isc/include/isc/tls.h b/lib/isc/include/isc/tls.h
index 75ad88df46e2775be2355a9390b6266a2eb51110..23b92c72d1189dd9bab52916bc0ef6449cc80ca3 100644 (file)
--- a/lib/isc/include/isc/tls.h
+++ b/lib/isc/include/isc/tls.h
@@ -607,6 +607,14 @@ isc_tlsctx_set_random_session_id_context(isc_tlsctx_t *ctx);
  *\li   'ctx' - a valid non-NULL pointer;
  */
 
+bool
+isc_tls_valid_sni_hostname(const char *hostname);
+/*%<
+ * Checks if a 'hostname' is not a valid IPv4 or IPv6 address
+ * string. Returns 'true' if the hostname is likely a domain name, and
+ * 'false' if it represents an IP address.
+ */
+
 void
 isc__tls_initialize(void);
 

diff --git a/lib/isc/tls.c b/lib/isc/tls.c
index 1a84bdefa693f66a4c67efafccbdb63099f2dd0d..76f4466b5c7a0798fefff6fc2a0fc166025d4f13 100644 (file)
--- a/lib/isc/tls.c
+++ b/lib/isc/tls.c
@@ -1807,3 +1807,26 @@ isc_tlsctx_set_random_session_id_context(isc_tlsctx_t *ctx) {
        RUNTIME_CHECK(
                SSL_CTX_set_session_id_context(ctx, session_id_ctx, len) == 1);
 }
+
+bool
+isc_tls_valid_sni_hostname(const char *hostname) {
+       struct sockaddr_in sa_v4 = { 0 };
+       struct sockaddr_in6 sa_v6 = { 0 };
+       int ret = 0;
+
+       if (hostname == NULL) {
+               return false;
+       }
+
+       ret = inet_pton(AF_INET, hostname, &sa_v4.sin_addr);
+       if (ret == 1) {
+               return false;
+       }
+
+       ret = inet_pton(AF_INET6, hostname, &sa_v6.sin6_addr);
+       if (ret == 1) {
+               return false;
+       }
+
+       return true;
+}