Remove trailing dot from hostname input
authorTim Rühsen <tim.ruehsen@gmx.de>
Thu, 19 Jul 2018 10:50:13 +0000 (12:50 +0200)
committerTim Rühsen <tim.ruehsen@gmx.de>
Sun, 22 Jul 2018 10:44:25 +0000 (12:44 +0200)
Fixes #532

Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
src/cli.c
src/socket.c
tests/sni-hostname.sh

index 42b8e513241a1ab6ec1075e46d900eecbec67243..21be015dc82a776333b5f564161bbdb358bac2c2 100644 (file)
--- a/src/cli.c
+++ b/src/cli.c
@@ -331,9 +331,10 @@ static int cert_verify_callback(gnutls_session_t session)
                ssh = strictssh;
        }
 
-       if (HAVE_OPT(VERIFY_HOSTNAME))
+       if (HAVE_OPT(VERIFY_HOSTNAME)) {
                host = OPT_ARG(VERIFY_HOSTNAME);
-       else
+               canonicalize_host((char *) host, NULL, 0);
+       } else
                host = hostname;
 
        /* Save certificate and OCSP response */
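Review bot: The `(char *) host` cast on the new `canonicalize_host()` call discards the const of the option argument and lets the callee write NUL bytes into the option-parser's storage in place, so any later reader of OPT_ARG(VERIFY_HOSTNAME) silently sees the shortened value; the SNI_HOSTNAME hunk below does the same with `sni_host`. Copying first keeps the option intact and removes the cast, e.g. `char vhost[256]; snprintf(vhost, sizeof vhost, "%s", OPT_ARG(VERIFY_HOSTNAME)); canonicalize_host(vhost, NULL, 0); host = vhost;` — valid only if `host` is not referenced after the function returns, which cannot be confirmed here because cert_verify_callback's body continues outside the hunk. Also note that with a NULL service the new canonicalize_host() still truncates at the first ':' unless the string is an IPv6 literal, so `--verify-hostname example.com:443` is verified as `example.com`; if that is intended, a one-line comment at the call site would save the next reader the trip to socket.c.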
@@ -603,8 +604,10 @@ gnutls_session_t init_tls_session(const char *host)
         */
        if (disable_extensions == 0 && disable_sni == 0) {
                if (HAVE_OPT(SNI_HOSTNAME)) {
-                       gnutls_server_name_set(session, GNUTLS_NAME_DNS,
-                                              OPT_ARG(SNI_HOSTNAME), strlen(OPT_ARG(SNI_HOSTNAME)));
+                       const char *sni_host = OPT_ARG(SNI_HOSTNAME);
+
+                       canonicalize_host((char *) sni_host, NULL, 0);
+                       gnutls_server_name_set(session, GNUTLS_NAME_DNS, sni_host, strlen(sni_host));
                } else if (host != NULL && is_ip(host) == 0)
                        gnutls_server_name_set(session, GNUTLS_NAME_DNS,
                                               host, strlen(host));
index 253607e5a8b688264370cb85d953f80b8cf37f4e..eacff01b42ab3bf0a918fc8cf26f9fe2bc0a6bf4 100644 (file)
@@ -401,17 +401,22 @@ void socket_bye(socket_st * socket, unsigned polite)
 void canonicalize_host(char *hostname, char *service, unsigned service_size)
 {
        char *p;
-       unsigned char buf[64];
 
-       p = strchr(hostname, ':');
-       if (p == NULL)
-               return;
+       if ((p = strchr(hostname, ':'))) {
+               unsigned char buf[64];
 
-       if (inet_pton(AF_INET6, hostname, buf) == 1)
-               return;
+               if (inet_pton(AF_INET6, hostname, buf) == 1)
+                       return;
+
+               *p = 0;
+
+               if (service && service_size)
+                       snprintf(service, service_size, "%s", p+1);
+       } else
+               p = hostname + strlen(hostname);
 
-       *p = 0;
-       snprintf(service, service_size, "%s", p+1);
+       if (p > hostname && p[-1] == '.')
+               p[-1] = 0; // remove trailing dot on FQDN
 }
 
 static ssize_t
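Review bot: canonicalize_host() now mutates `hostname` in three ways (the NUL written over ':', the copy of the remainder into `service`, and the trailing-dot removal) but carries no comment stating that contract, which is what forces both callers in cli.c to cast away const to reach it. A header comment such as `/* In-place: split "host[:service]" at the ':' (left untouched if the whole string is an IPv6 literal), copy the part after the ':' into service when it is non-NULL, then strip one trailing '.' from the host. */` would make the side effects explicit at the declaration. Style: `if ((p = strchr(hostname, ':'))) { ... } else` pairs a braced arm with an unbraced one and hides the assignment in the condition; `p = strchr(hostname, ':'); if (p != NULL) { ... } else { ... }` reads more plainly and matches the rest of the file's bracing.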
index afc2a0099bbd6b7e930fa2f940bd7cbe163f5544..4c5f8d2a946b2291d8cb2880abc4364cd09e71d3 100755 (executable)
@@ -74,6 +74,9 @@ ${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 ${NOOPTS} --priority "NORMAL" --x509
 ${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --sni-hostname example.com --priority "NORMAL" --x509cafile ${CA1} </dev/null >/dev/null && \
        fail ${PID} "5. handshake should have failed!"
 
+${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --sni-hostname example.com. --verify-hostname example.com. --priority "NORMAL" --x509cafile ${CA1} </dev/null >/dev/null || \
+       fail ${PID} "6. handshake should have succeeded!"
+
 kill ${PID}
 wait
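Review bot: Test 6 exercises the trailing-dot handling only when both `--sni-hostname` and `--verify-hostname` carry the dot, so a regression in just one of the two canonicalize_host() calls added in cli.c could still pass it. A second case with the dot on only one option, e.g. `--sni-hostname example.com. --verify-hostname example.com`, and its mirror image, would isolate the SNI path from the verification path, assuming the server picks its certificate by SNI as test 5 suggests. The numbering in the fail message (`"6. ..."`) follows the existing pattern, which is good.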