Do not send the trailing dot of a hostname as part of the SNI

The SNI extension must not include the trailing dot, even though this is legitimate for the host header. Task-number: QTBUG-51821 Change-Id: Ib7a7d8b1f8f98bc99ae745b03d2b97e507adefaf Reviewed-by: Daniel Molkentin (ownCloud) <danimo@owncloud.com>
author: Richard J. Moore <rich@kde.org> 2016-03-12 16:47:14 +0000
committer: Daniel Molkentin (ownCloud) <danimo@owncloud.com> 2016-03-13 00:05:38 +0000
commit: 5fe0e41e79030d14d8e32bda7fb5412d8c335c52 (patch)
tree: d3028dd56fdac78febc5588da62fb9a3f4522917 /src
parent: 978804d2c229e1b15b497cb8de18032d1e220529 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index dd47dfc45f..244d4bbebf 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -390,6 +390,10 @@ bool QSslSocketBackendPrivate::initSslContext()
         if (!ace.isEmpty()
             && !QHostAddress().setAddress(tlsHostName)
             && !(configuration.sslOptions & QSsl::SslOptionDisableServerNameIndication)) {
+            // We don't send the trailing dot from the host header if present see
+            // https://tools.ietf.org/html/rfc6066#section-3
+            if (ace.endsWith('.'))
+                ace.chop(1);
             if (!q_SSL_ctrl(ssl, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, ace.data()))
                 qCWarning(lcSsl, "could not set SSL_CTRL_SET_TLSEXT_HOSTNAME, Server Name Indication disabled");
         }
author	Richard J. Moore <rich@kde.org>	2016-03-12 16:47:14 +0000
committer	Daniel Molkentin (ownCloud) <danimo@owncloud.com>	2016-03-13 00:05:38 +0000
commit	5fe0e41e79030d14d8e32bda7fb5412d8c335c52 (patch)
tree	d3028dd56fdac78febc5588da62fb9a3f4522917 /src
parent	978804d2c229e1b15b497cb8de18032d1e220529 (diff)