CVSROOT:        /cvs
Module name:    src
Changes by:     [email protected]    2021/06/01 14:14:17

Modified files:
        lib/libtls     : tls_client.c 

Log message:
Avoid sending a trailing dot in SNI as a client

While an FQDN includes a trailing dot for the zero-length label of
the root, SNI explicitly does not contain it. Contrary to other TLS
implementations, our tlsext_sni_is_valid_hostname() rejects a trailing
dot. The result is that LibreSSL TLS servers encountering an SNI with
trailing dot abort the connection with an illegal_parameter alert.

This fixes an issue reported by danj in nc(1) and by sthen in ftp(1).
DNS cluebat from florian.

ok jsing
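
An added example, not part of the commit or of LibreSSL's source: a client-side helper that drops the root dot before a name is used for SNI, next to a constructed strict check showing why the undotted form is the one a server like the one described accepts. The function names and the 255-byte limit are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

#define SNI_MAX_LEN 255	/* assumed length limit for this example */

/*
 * Hypothetical helper: copy `host` into `out` in the form SNI expects,
 * i.e. without the trailing dot of an absolute FQDN.
 * Returns 0 on success, -1 if nothing valid is left or it does not fit.
 */
int
sni_name_from_host(const char *host, char *out, size_t outlen)
{
	size_t len;

	if (host == NULL || out == NULL)
		return -1;
	len = strlen(host);
	/* Drop exactly one trailing dot: "example.com." -> "example.com". */
	if (len > 0 && host[len - 1] == '.')
		len--;
	/* "" and "." (root only) leave nothing to send. */
	if (len == 0 || len > SNI_MAX_LEN || len >= outlen)
		return -1;
	/* A second trailing dot ("example.com..") is an empty label. */
	if (host[len - 1] == '.')
		return -1;
	memcpy(out, host, len);
	out[len] = '\0';
	return 0;
}

/*
 * Constructed strict server-side check (not tlsext_sni_is_valid_hostname()):
 * refuses leading/trailing dots and empty labels, nothing else.
 */
int
sni_name_is_acceptable(const char *name)
{
	size_t i, len = strlen(name);

	if (len == 0 || len > SNI_MAX_LEN || name[0] == '.' ||
	    name[len - 1] == '.')
		return 0;
	for (i = 1; i < len; i++)
		if (name[i] == '.' && name[i - 1] == '.')
			return 0;
	return 1;
}
```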
