[gnutls-devel] GnuTLS | Amend error code when SNI name is not accepted (!891)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Thu Jan 24 20:33:07 CET 2019

Nikos Mavrogiannopoulos started a new discussion on lib/ext/server_name.c:

>  			DECR_LEN(data_size, len);
>  			if (type == 0) { /* NAME_DNS */
> -				if (!_gnutls_dnsname_is_valid((char*)p, len))
> -					return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
> +				if (!_gnutls_dnsname_is_valid((char*)p, len)) {
> +					_gnutls_handshake_log
> +					    ("HSK[%p]: Server name is not acceptable: '%.*s'\n",
> +					     session, (int) len, p);
> +					return gnutls_assert_val(GNUTLS_E_UNRECOGNIZED_NAME);
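
Review bot: The new `_gnutls_handshake_log` call prints the peer-supplied name with `'%.*s'` immediately after `_gnutls_dnsname_is_valid` has rejected it, so the handshake log receives bytes that are known not to be a valid DNS name and may include newlines or other control characters. Escape or hex-encode the name before logging it, or log only `len`. Note also that `%.*s` stops at the first NUL byte, so a name with an embedded NUL would appear truncated in the log.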

This error code is being mapped to alert `GNUTLS_A_UNRECOGNIZED_NAME` while on this alert we should send that this is an illegal parameter. What if we introduce a new error code (e.g., ILLEGAL_HOSTNAME) which maps to the illegal parameter alert?

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/891#note_134698940