Diffstat (limited to 'src/network/ssl/qsslsocket_openssl.cpp')
-rw-r--r--src/network/ssl/qsslsocket_openssl.cpp12
1 files changed, 9 insertions, 3 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index fcc267e7cc..b86b69cad4 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -399,6 +399,10 @@ bool QSslSocketBackendPrivate::initSslContext()
if (!ace.isEmpty()
&& !QHostAddress().setAddress(tlsHostName)
&& !(configuration.sslOptions & QSsl::SslOptionDisableServerNameIndication)) {
+ // We don't send the trailing dot from the host header if present see
+ // https://tools.ietf.org/html/rfc6066#section-3
+ if (ace.endsWith('.'))
+ ace.chop(1);
if (!q_SSL_ctrl(ssl, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, ace.data()))
qCWarning(lcSsl, "could not set SSL_CTRL_SET_TLSEXT_HOSTNAME, Server Name Indication disabled");
}
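Review bot: The `!ace.isEmpty()` guard in the condition runs before the added `ace.chop(1)`, so if the ACE form can ever be just `.`, an empty name would reach `q_SSL_ctrl(... SSL_CTRL_SET_TLSEXT_HOSTNAME ...)`. Re-check after the chop, for example `if (ace.endsWith('.')) ace.chop(1);` followed by `if (!ace.isEmpty() && !q_SSL_ctrl(...))`. The new comment says "host header", which is HTTP wording; something like `// RFC 6066 section 3: the SNI host name is sent without a trailing dot` would be more precise. Whether the peer-name check against the certificate applies the same normalisation is not visible here, because initSslContext continues outside the hunk; it is worth confirming that SNI and verification use the same name.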
@@ -632,10 +636,12 @@ void QSslSocketPrivate::resetDefaultCiphers()
// Unconditionally exclude ADH and AECDH ciphers since they offer no MITM protection
if (!ciph.name().toLower().startsWith(QLatin1String("adh")) &&
!ciph.name().toLower().startsWith(QLatin1String("exp-adh")) &&
- !ciph.name().toLower().startsWith(QLatin1String("aecdh")))
+ !ciph.name().toLower().startsWith(QLatin1String("aecdh"))) {
ciphers << ciph;
- if (ciph.usedBits() >= 128)
- defaultCiphers << ciph;
+
+ if (ciph.usedBits() >= 128)
+ defaultCiphers << ciph;
+ }
}
}
}
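Review bot: The filter recomputes `ciph.name().toLower()` three times per cipher in the condition above `ciphers << ciph;`. Hoisting it into `const QString name = ciph.name().toLower();` would make the exclusion list easier to read and extend. Because the earlier brace-less form allowed anonymous suites with 128 or more bits into the default list, a short comment above the inner `if` would help keep that invariant, such as `// defaultCiphers must stay a subset of the ciphers that passed the anonymous-suite filter`. The enclosing loop in resetDefaultCiphers starts outside the hunk, so how `ciph` is obtained is not visible here.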