diff options
author | Richard J. Moore <rich@kde.org> | 2016-03-12 16:47:14 +0000 |
---|---|---|
committer | Daniel Molkentin (ownCloud) <danimo@owncloud.com> | 2016-03-13 00:05:38 +0000 |
commit | 5fe0e41e79030d14d8e32bda7fb5412d8c335c52 (patch) | |
tree | d3028dd56fdac78febc5588da62fb9a3f4522917 /src | |
parent | 978804d2c229e1b15b497cb8de18032d1e220529 (diff) |
Do not send the trailing dot of a hostname as part of the SNI
The SNI extension must not include the trailing dot, even though this
is legitimate for the host header.
Task-number: QTBUG-51821
Change-Id: Ib7a7d8b1f8f98bc99ae745b03d2b97e507adefaf
Reviewed-by: Daniel Molkentin (ownCloud) <danimo@owncloud.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index dd47dfc45f..244d4bbebf 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -390,6 +390,10 @@ bool QSslSocketBackendPrivate::initSslContext() if (!ace.isEmpty() && !QHostAddress().setAddress(tlsHostName) && !(configuration.sslOptions & QSsl::SslOptionDisableServerNameIndication)) { + // We don't send the trailing dot from the host header if present see + // https://tools.ietf.org/html/rfc6066#section-3 + if (ace.endsWith('.')) + ace.chop(1); if (!q_SSL_ctrl(ssl, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, ace.data())) qCWarning(lcSsl, "could not set SSL_CTRL_SET_TLSEXT_HOSTNAME, Server Name Indication disabled"); } |