Closed Bug 421634 Opened 16 years ago Closed 16 years ago

Don't send an SNI Client Hello extension bearing an IPv6 address

Categories

(NSS :: Libraries, defect)

3.11
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED
3.11.10

People

(Reporter: nelson, Assigned: nelson)

Details

Attachments

(2 files)

When a client attempts to connect to a user using TLS, it typically sends 
a "Server Name Indication" (SNI) extension to the server, bearing the DNS 
name for the virtual server whose certificate it wants to see.  

If the client has not been given a DNS name by its calling app, but rather 
has been given an IP address, it's supposed to be smart and recognize that 
the string is an IP address and not send a Server Name Indication bearing 
that IP address.

The code that composes the SNI extension detects IPv4 address strings, but
does not detect IPv6 address strings, so it may send an IPv6 address string
inside the SNI client hello extension to the server.  Servers can rightfully
barf on that.

untested patch for branch. Will test before requesting review.
Assignee: nobody → nelson
Status: NEW → ASSIGNED
Comment on attachment 308099 [details] [diff] [review]
Patch v1 for NSS Trunk (checked in)

I finally tested this patch.  
Wan-Teh, please review.
Attachment #308099 - Flags: review?(wtc)
Comment on attachment 308098 [details] [diff] [review]
patch v1 for NSS_3_11_BRANCH (checked in)

Julien, this patch is the same as the other one, but applies cleanly to the branch. Please give this a second review for the branch.
Attachment #308098 - Flags: review?(julien.pierre.boogz)
Attachment #308098 - Flags: review?(julien.pierre.boogz) → review+
Attachment #308099 - Flags: review?(wtc) → review+
Comment on attachment 308099 [details] [diff] [review]
Patch v1 for NSS Trunk (checked in)

r=wtc.
Comment on attachment 308098 [details] [diff] [review]
patch v1 for NSS_3_11_BRANCH (checked in)

r=wtc.
Attachment #308098 - Flags: superreview+
Comment on attachment 308099 [details] [diff] [review]
Patch v1 for NSS Trunk (checked in)

Checking in ssl/ssl3ext.c; new revision: 1.3; previous revision: 1.2
Attachment #308099 - Attachment description: Patch v1 for NSS Trunk → Patch v1 for NSS Trunk (checked in)
Comment on attachment 308098 [details] [diff] [review]
patch v1 for NSS_3_11_BRANCH (checked in)

nss/lib/ssl/ssl3ecc.c; new revision: 1.3.2.14; previous revision: 1.3.2.13
Attachment #308098 - Attachment description: patch v1 for NSS_3_11_BRANCH → patch v1 for NSS_3_11_BRANCH (checked in)
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
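
The check described in the bug report, as an added example (not the NSS patch attached to this bug): a client-side decision on whether to send SNI that rejects both IPv4 and IPv6 literals, shown next to a model of the IPv4-only behaviour the report describes. It uses POSIX `inet_pton` rather than NSS/NSPR routines; the function names are hypothetical, the sample addresses are constructed, and the handling of bracketed and zone-scoped forms is an assumption about what callers may pass.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Model of the reported behaviour: only IPv4 literals are recognised,
 * so an IPv6 literal is treated as a DNS name and sent in SNI. */
int should_send_sni_v4only(const char *host)
{
    unsigned char buf[sizeof(struct in6_addr)];
    return host && host[0] && inet_pton(AF_INET, host, buf) != 1;
}

/* Returns 1 if host is an IPv4 or IPv6 address literal, else 0.
 * Also accepts "[addr]" and "addr%zone" forms (assumed caller inputs). */
int host_is_ip_literal(const char *host)
{
    unsigned char buf[sizeof(struct in6_addr)];
    char tmp[INET6_ADDRSTRLEN + 1];
    const char *pct;
    size_t len;

    if (host == NULL || host[0] == '\0')
        return 0;
    if (inet_pton(AF_INET, host, buf) == 1)
        return 1;
    len = strlen(host);
    if (len >= 2 && host[0] == '[' && host[len - 1] == ']') {
        host++;                       /* strip URL-style brackets */
        len -= 2;
    }
    pct = memchr(host, '%', len);     /* strip zone id, e.g. %eth0 */
    if (pct != NULL)
        len = (size_t)(pct - host);
    if (len == 0 || len >= sizeof tmp)
        return 0;
    memcpy(tmp, host, len);
    tmp[len] = '\0';
    return inet_pton(AF_INET6, tmp, buf) == 1;
}

/* Send SNI only for a non-empty name that is not an address literal. */
int should_send_sni(const char *host)
{
    return host != NULL && host[0] != '\0' && !host_is_ip_literal(host);
}

int main(void)
{
    const char *s[] = { "www.example.com", "192.0.2.1", "2001:db8::1",
                        "[2001:db8::1]", "fe80::1%eth0" }; /* constructed */
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++)
        printf("%-16s v4only=%d fixed=%d\n", s[i],
               should_send_sni_v4only(s[i]), should_send_sni(s[i]));
    return 0;
}
```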