[gnutls-devel] GnuTLS | server_name: synchronize server name send/receive (remove dns check) (!1838)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Wed Jun 5 13:34:02 CEST 2024




Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1838#note_1936963468


Is my understanding correct that:
- SNI extension handling has a sufficient length check at the TLS extension level, so there will not be an opportunity for a buffer overrun
- The SNI hostname is never unmarshalled but compared (as opaque data) with the one the server is serving

If both of the above are true, I don't oppose removing the check. I tested with OpenSSL and it also doesn't check the well-formedness of the hostname.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1838#note_1936963468
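
The two conditions asked about in the comment above, as an added example that is not GnuTLS code and not part of the original message: every length field in the RFC 6066 `server_name` extension body is checked against the bytes actually received, and the host name is then compared as opaque bytes without being interpreted. The function names, the byte-exact comparison and the sample buffers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, not GnuTLS code; all names are hypothetical. */
/* Constructed sample: list_len=14, name_type=0, name_len=11, "example.com" */
static const uint8_t sample_ok[] = {0x00, 0x0e, 0x00, 0x00, 0x0b,
    'e', 'x', 'a', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm'};
/* Constructed sample: entry claims 0x40 name bytes, only 3 are present */
static const uint8_t sample_overrun[] = {0x00, 0x06, 0x00, 0x00, 0x40,
    'a', 'b', 'c'};

/* Locate the first host_name entry in a ServerNameList. Returns 0 and sets
 * *name / *name_len, or -1 if a length field points outside the buffer. */
static int sni_find_host_name(const uint8_t *ext, size_t ext_len,
                              const uint8_t **name, size_t *name_len)
{
    if (ext_len < 2)
        return -1;
    size_t list_len = ((size_t)ext[0] << 8) | ext[1];
    if (list_len != ext_len - 2)
        return -1;                  /* list must fill the extension exactly */
    size_t pos = 2;
    while (ext_len - pos >= 3) {    /* room for type (1) + length (2) */
        uint8_t type = ext[pos];
        size_t len = ((size_t)ext[pos + 1] << 8) | ext[pos + 2];
        pos += 3;
        if (len == 0 || len > ext_len - pos)
            return -1;              /* entry would overrun the extension */
        if (type == 0) {            /* NameType host_name */
            *name = ext + pos;
            *name_len = len;
            return 0;
        }
        pos += len;
    }
    return -1;                      /* no host_name entry, or trailing bytes */
}

/* Returns 1 if the received name equals the served name byte for byte. */
static int sni_matches(const uint8_t *ext, size_t ext_len,
                       const char *served, size_t served_len)
{
    const uint8_t *name;
    size_t name_len;
    if (sni_find_host_name(ext, ext_len, &name, &name_len) != 0)
        return 0;
    return name_len == served_len && memcmp(name, served, name_len) == 0;
}

int main(void)
{
    printf("%d\n", sni_matches(sample_ok, sizeof sample_ok, "example.com", 11));
    return 0;
}
```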