author | Jack Lloyd <jack@randombit.net> | 2017-03-28 11:49:14 -0400 |
---|---|---|
committer | Jack Lloyd <jack@randombit.net> | 2017-03-28 11:49:14 -0400 |
commit | d4deb86738019033ede184e8d46d9e892c435f6c (patch) | |
tree | 14617bff712845189dd0872e9b593e2a983bbd67 | |
parent | 6378305fb557ddac52b5f0e9ca69eac1d10bb541 (diff) | |
parent | 9a78e34a2f5f72377cd109b126f11f9bd7761652 (diff) |
Merge GH #942 Avoid passing IP as hostname in tls_client command line util
-rw-r--r-- | doc/manual/tls.rst | 4 | ||||
-rw-r--r-- | src/cli/tls_client.cpp | 12 |
2 files changed, 15 insertions, 1 deletions
diff --git a/doc/manual/tls.rst b/doc/manual/tls.rst
index 19857e3ec..70efb1a67 100644
--- a/doc/manual/tls.rst
+++ b/doc/manual/tls.rst
@@ -302,6 +302,10 @@ TLS Clients
 the server select what certificate to use and helps the client validate the connection.
+ Note that the server name indicator name must be a FQDN. IP
+ addresses are not allowed by RFC 6066 and may lead to interoperability
+ problems.
+
 Use the optional *offer_version* to control the version of TLS you wish the client to offer. Normally, you'll want to offer the most recent version of (D)TLS that is available, however some broken
diff --git a/src/cli/tls_client.cpp b/src/cli/tls_client.cpp
index f3b3425a5..3cba471f0 100644
--- a/src/cli/tls_client.cpp
+++ b/src/cli/tls_client.cpp
@@ -25,6 +25,7 @@
 #include <sys/time.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
+#include <arpa/inet.h>
 #include <netdb.h>
 #include <unistd.h>
 #include <errno.h>
@@ -117,12 +118,21 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks
 version = Botan::TLS::Protocol_Version::TLS_V11;
 }
+ struct sockaddr_storage addrbuf;
+ std::string hostname;
+ if(!host.empty() &&
+ inet_pton(AF_INET, host.c_str(), &addrbuf) != 1 &&
+ inet_pton(AF_INET6, host.c_str(), &addrbuf) != 1)
+ {
+ hostname = host;
+ }
+
 Botan::TLS::Client client(*this, *session_mgr, creds, *policy, rng(),
- Botan::TLS::Server_Information(host, port),
+ Botan::TLS::Server_Information(hostname, port),
 version, protocols_to_offer); |