Commit 2e94ccee authored by Daniel Salzman's avatar Daniel Salzman

kdig: don't set SNI, which breaks TLS connection if an IP address is used

rfc6066#section-3: "Literal IPv4 and IPv6 addresses are not permitted in "HostName"."

Anyway, this information is almost useless in the case of DNS.
parent 3824cf69
......@@ -333,7 +333,7 @@ int net_connect(net_t *net)
// Establish TLS connection.
if (net->tls.params != NULL) {
int ret = tls_ctx_connect(&net->tls, sockfd, net->remote->name);
int ret = tls_ctx_connect(&net->tls, sockfd, NULL);
if (ret != KNOT_EOK) {
close(sockfd);
return ret;
......
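Review bot: Passing `NULL` unconditionally in `net_connect()` removes SNI for every TLS connection, including those where the server was given as a host name, so a server that selects its certificate by server_name would presumably fall back to a default one. The commit message only argues against IP literals, so the narrower fix is to keep sending the name and pass NULL only when `net->remote->name` parses as an IPv4 or IPv6 address. The sketch below uses `inet_pton()` for that test and assumes `name` holds the server string as the user gave it, which is not visible in this hunk. A zone-scoped IPv6 literal does not parse with `inet_pton()` and would need separate handling. `net_connect()` starts and ends outside the hunk.

```c
// Establish TLS connection.
if (net->tls.params != NULL) {
	// Send SNI only for a host name, never for an IP literal (RFC 6066, section 3).
	const char *sni = net->remote->name;
	unsigned char addr[sizeof(struct in6_addr)];
	if (sni != NULL && (inet_pton(AF_INET, sni, addr) == 1 ||
	                    inet_pton(AF_INET6, sni, addr) == 1)) {
		sni = NULL;
	}
	int ret = tls_ctx_connect(&net->tls, sockfd, sni);
	// … unchanged: KNOT_EOK check, close(sockfd), return ret …
```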
......@@ -291,7 +291,7 @@ int tls_ctx_init(tls_ctx_t *ctx, const tls_params_t *params, int wait)
int tls_ctx_connect(tls_ctx_t *ctx, int sockfd, const char *remote)
{
if (ctx == NULL || remote == NULL) {
if (ctx == NULL) {
return KNOT_EINVAL;
}
......@@ -311,10 +311,12 @@ int tls_ctx_connect(tls_ctx_t *ctx, int sockfd, const char *remote)
return KNOT_NET_ECONNECT;
}
ret = gnutls_server_name_set(ctx->session, GNUTLS_NAME_DNS, remote,
strlen(remote));
if (ret != GNUTLS_E_SUCCESS) {
return KNOT_NET_ECONNECT;
if (remote != NULL) {
ret = gnutls_server_name_set(ctx->session, GNUTLS_NAME_DNS, remote,
strlen(remote));
if (ret != GNUTLS_E_SUCCESS) {
return KNOT_NET_ECONNECT;
}
}
gnutls_session_set_ptr(ctx->session, ctx);
......
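Review bot: `tls_ctx_connect()` now accepts `remote == NULL`, but nothing at the definition states that NULL means "send no server_name extension". A comment above the signature would pin the contract, for example `/* remote: host name to send as SNI, or NULL to omit the extension; must not be an IP literal (RFC 6066, section 3). */`. The guarded block still hands any non-NULL string straight to `gnutls_server_name_set(..., GNUTLS_NAME_DNS, ...)`, so rejecting IP literals remains the caller's job and is worth saying there too. The function body starts and ends outside these hunks, so whether certificate name checking depends on `remote` cannot be seen here and should be confirmed.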