authorJack Lloyd <jack@randombit.net>2017-03-28 11:49:14 -0400
committerJack Lloyd <jack@randombit.net>2017-03-28 11:49:14 -0400
commitd4deb86738019033ede184e8d46d9e892c435f6c (patch)
tree14617bff712845189dd0872e9b593e2a983bbd67
parent6378305fb557ddac52b5f0e9ca69eac1d10bb541 (diff)
parent9a78e34a2f5f72377cd109b126f11f9bd7761652 (diff)
Merge GH #942 Avoid passing IP as hostname in tls_client command line util
-rw-r--r--doc/manual/tls.rst4
-rw-r--r--src/cli/tls_client.cpp12
2 files changed, 15 insertions, 1 deletions
diff --git a/doc/manual/tls.rst b/doc/manual/tls.rst
index 19857e3ec..70efb1a67 100644
--- a/doc/manual/tls.rst
+++ b/doc/manual/tls.rst
@@ -302,6 +302,10 @@ TLS Clients
the server select what certificate to use and helps the client
validate the connection.
+ Note that the server name indicator name must be a FQDN. IP
+ addresses are not allowed by RFC 6066 and may lead to interoperability
+ problems.
+
Use the optional *offer_version* to control the version of TLS you
wish the client to offer. Normally, you'll want to offer the most
recent version of (D)TLS that is available, however some broken
diff --git a/src/cli/tls_client.cpp b/src/cli/tls_client.cpp
index f3b3425a5..3cba471f0 100644
--- a/src/cli/tls_client.cpp
+++ b/src/cli/tls_client.cpp
@@ -25,6 +25,7 @@
#include <sys/time.h>
#include <sys/socket.h>
#include <netinet/in.h>
+#include <arpa/inet.h>
#include <netdb.h>
#include <unistd.h>
#include <errno.h>
@@ -117,12 +118,21 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks
version = Botan::TLS::Protocol_Version::TLS_V11;
}
+ struct sockaddr_storage addrbuf;
+ std::string hostname;
+ if(!host.empty() &&
+ inet_pton(AF_INET, host.c_str(), &addrbuf) != 1 &&
+ inet_pton(AF_INET6, host.c_str(), &addrbuf) != 1)
+ {
+ hostname = host;
+ }
+
Botan::TLS::Client client(*this,
*session_mgr,
creds,
*policy,
rng(),
- Botan::TLS::Server_Information(host, port),
+ Botan::TLS::Server_Information(hostname, port),
version,
protocols_to_offer);