authorAdam Langley <agl@golang.org>2015-11-09 15:16:12 -0800
committerAdam Langley <agl@golang.org>2015-11-09 23:16:51 +0000
commitb46df69541fd0661491245ffd13285d829778fd8 (patch)
tree288ae9ac640811c72a3d8614c910ab208ad4fa07 /src
parenta4dcc692011bf1ceca9b1a363fd83f3e59e399ee (diff)
Revert "crypto/tls: don't send IP literals as SNI values."
This reverts commit a4dcc692011bf1ceca9b1a363fd83f3e59e399ee. Change-Id: Ib55fd349a604d6b5220dac20327501e1ce46b962 Reviewed-on: https://go-review.googlesource.com/16770 Reviewed-by: Adam Langley <agl@golang.org>
Diffstat (limited to 'src')
-rw-r--r--src/crypto/tls/common.go3
-rw-r--r--src/crypto/tls/handshake_client.go9
-rw-r--r--src/crypto/tls/handshake_client_test.go27
3 files changed, 2 insertions, 37 deletions
diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go
index c68ebfe188..d47dc6182f 100644
--- a/src/crypto/tls/common.go
+++ b/src/crypto/tls/common.go
@@ -286,8 +286,7 @@ type Config struct {
// ServerName is used to verify the hostname on the returned
// certificates unless InsecureSkipVerify is given. It is also included
- // in the client's handshake to support virtual hosting unless it is
- // an IP address.
+ // in the client's handshake to support virtual hosting.
ServerName string
// ClientAuth determines the server's policy for
diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go
index 462acfd1a1..0b591d7309 100644
--- a/src/crypto/tls/handshake_client.go
+++ b/src/crypto/tls/handshake_client.go
@@ -49,20 +49,13 @@ func (c *Conn) clientHandshake() error {
return errors.New("tls: NextProtos values too large")
}
- sni := c.config.ServerName
- // IP address literals are not permitted as SNI values. See
- // https://tools.ietf.org/html/rfc6066#section-3.
- if net.ParseIP(sni) != nil {
- sni = ""
- }
-
hello := &clientHelloMsg{
vers: c.config.maxVersion(),
compressionMethods: []uint8{compressionNone},
random: make([]byte, 32),
ocspStapling: true,
scts: true,
- serverName: sni,
+ serverName: c.config.ServerName,
supportedCurves: c.config.curvePreferences(),
supportedPoints: []uint8{pointFormatUncompressed},
nextProtoNeg: len(c.config.NextProtos) > 0,
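Review bot: With `serverName: c.config.ServerName` the ClientHello carries whatever string the caller set, including IP literals such as "1.2.3.4" or "::1", which RFC 6066 section 3 (the reference cited in the removed comment) does not permit as SNI values. The commit message gives no reason for the revert, so if the filter has to come out for now, the gap should be recorded next to the field, e.g. `// TODO: IP literals are not valid SNI values (RFC 6066, section 3); ServerName is sent unfiltered here.` The Config.ServerName doc comment in common.go now reads as if every value is acceptable in the handshake; it could state that callers connecting by IP address will have that address placed in the server_name extension. TestNoIPAddressesInSNI is deleted in the same commit, so no test covers this behaviour. clientHandshake begins and ends outside the hunk.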
diff --git a/src/crypto/tls/handshake_client_test.go b/src/crypto/tls/handshake_client_test.go
index b275da15d0..664fe8de6a 100644
--- a/src/crypto/tls/handshake_client_test.go
+++ b/src/crypto/tls/handshake_client_test.go
@@ -600,30 +600,3 @@ func TestHandshakClientSCTs(t *testing.T) {
}
runClientTestTLS12(t, test)
}
-
-func TestNoIPAddressesInSNI(t *testing.T) {
- for _, ipLiteral := range []string{"1.2.3.4", "::1"} {
- c, s := net.Pipe()
-
- go func() {
- client := Client(c, &Config{ServerName: ipLiteral})
- client.Handshake()
- }()
-
- var header [5]byte
- if _, err := io.ReadFull(s, header[:]); err != nil {
- t.Fatal(err)
- }
- recordLen := int(header[3])<<8 | int(header[4])
-
- record := make([]byte, recordLen)
- if _, err := io.ReadFull(s, record[:]); err != nil {
- t.Fatal(err)
- }
- s.Close()
-
- if bytes.Index(record, []byte(ipLiteral)) != -1 {
- t.Errorf("IP literal %q found in ClientHello: %x", ipLiteral, record)
- }
- }
-}