From 5fe0e41e79030d14d8e32bda7fb5412d8c335c52 Mon Sep 17 00:00:00 2001
From: "Richard J. Moore"
Date: Sat, 12 Mar 2016 16:47:14 +0000
Subject: Do not send the trailing dot of a hostname as part of the SNI

The SNI extension must not include the trailing dot, even though this is legitimate for the host header.

Task-number: QTBUG-51821
Change-Id: Ib7a7d8b1f8f98bc99ae745b03d2b97e507adefaf
Reviewed-by: Daniel Molkentin (ownCloud)
---
 src/network/ssl/qsslsocket_openssl.cpp | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'src/network/ssl')
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index dd47dfc45f..244d4bbebf 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -390,6 +390,10 @@ bool QSslSocketBackendPrivate::initSslContext()
 if (!ace.isEmpty()
 && !QHostAddress().setAddress(tlsHostName)
 && !(configuration.sslOptions & QSsl::SslOptionDisableServerNameIndication)) {
+ // We don't send the trailing dot from the host header if present see
+ // https://tools.ietf.org/html/rfc6066#section-3
+ if (ace.endsWith('.'))
+ ace.chop(1);
 if (!q_SSL_ctrl(ssl, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, ace.data()))
 qCWarning(lcSsl, "could not set SSL_CTRL_SET_TLSEXT_HOSTNAME, Server Name Indication disabled");
 }
-- 
cgit v1.2.3
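Review bot: The `!ace.isEmpty()` guard in the enclosing condition runs before the new `ace.chop(1)`, so a name that is only a dot (if `QUrl::toAce` lets one through, which this hunk does not show) would reach `SSL_CTRL_SET_TLSEXT_HOSTNAME` as an empty string, and `chop(1)` leaves any second trailing dot in place. Re-checking after the strip closes the first case, e.g. `if (!ace.isEmpty() && !q_SSL_ctrl(ssl, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, ace.data()))`. The strip applies only to the SNI value; whether the name used for certificate host matching is normalised the same way is outside this hunk and worth confirming, since a difference there would presumably show up as a verification failure for `host.` names. initSslContext() starts and ends outside the hunk.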