author | Mårten Nordheim <marten.nordheim@qt.io> | 2019-08-14 15:01:57 +0200 |
---|---|---|
committer | Mårten Nordheim <marten.nordheim@qt.io> | 2019-08-16 22:47:06 +0200 |
commit | c7b1cbdea9a9ec3d9af9331d2704390d3bb0fafe (patch) | |
tree | e795ae212b76eee92c40cb3a65614de7e8a8fdd5 /src/network/ssl | |
parent | 66a1975200c5ec106205522c37e32f990df84883 (diff) |
Schannel: ALPN: Don't include empty, too long or truncated names
As is said in RFC7301 in section 3.1 [1]:
Protocols are named by IANA-registered, opaque, non-empty byte strings
[...]. Empty strings MUST NOT be included and byte strings MUST NOT be
truncated.
[1]: https://tools.ietf.org/html/rfc7301#section-3.1
Change-Id: I38168ac570a433807e16121d5dec46d4ac73c4bf
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Diffstat (limited to 'src/network/ssl')
-rw-r--r-- | src/network/ssl/qsslsocket_schannel.cpp | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/network/ssl/qsslsocket_schannel.cpp b/src/network/ssl/qsslsocket_schannel.cpp
index 1314b432a4..c5ba823832 100644
--- a/src/network/ssl/qsslsocket_schannel.cpp
+++ b/src/network/ssl/qsslsocket_schannel.cpp
@@ -408,13 +408,17 @@ QByteArray createAlpnString(const QByteArrayList &nextAllowedProtocols)
 for (QByteArray proto : nextAllowedProtocols) {
 if (proto.size() > 255) {
 qCWarning(lcSsl) << "TLS ALPN extension" << proto
- << "is too long and will be truncated to 255 characters.";
- proto = proto.left(255);
+ << "is too long and will be ignored.";
+ continue;
+ } else if (proto.isEmpty()) {
+ continue;
 }
 protocolString += char(proto.length()) + proto;
 }
 return protocolString;
 }();
+ if (names.isEmpty())
+ return alpnString;
 const quint16 namesSize = names.size();
 const quint32 alpnId = SecApplicationProtocolNegotiationExt_ALPN; |
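Review bot: The context line `const quint16 namesSize = names.size();` narrows the combined length of all names to 16 bits, and no upper-bound check is visible in this hunk. If the encoded names total more than 65535 bytes, the stored length would wrap and presumably no longer match the data that follows it. RFC 7301 limits the whole protocol name list to 2^16-1 bytes, so the new early return could cover this as well: `if (names.isEmpty() || names.size() > 0xFFFF) return alpnString;`, preferably with a `qCWarning(lcSsl)` as in the per-name case. Separately, `proto` is no longer modified in the loop, so `for (const QByteArray &proto : nextAllowedProtocols)` would avoid one copy per entry. createAlpnString starts and ends outside the hunk, so a later size check may already exist there.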