diff options
| author | Peter Hartmann <peter.hartmann@nokia.com> | 2011-03-22 09:54:46 (GMT) |
|---|---|---|
| committer | Peter Hartmann <peter.hartmann@nokia.com> | 2011-03-22 10:15:52 (GMT) |
| commit | 3441c288be67c79c960e8386668731e55db60f0c (patch) | |
| tree | ddc497cf57d604cc90fb9dd66bff8195c5ce0fd8 /src/network/ssl/qsslsocket_openssl.cpp | |
| parent | f464bef8b0d8cd30a3c795558e5a7b28635ac057 (diff) | |
| download | Qt-3441c288be67c79c960e8386668731e55db60f0c.zip Qt-3441c288be67c79c960e8386668731e55db60f0c.tar.gz Qt-3441c288be67c79c960e8386668731e55db60f0c.tar.bz2 | |
SSL: send SNI extension only if not connecting to an IP
otherwise the host name and the name we send in the SNI header (the IP)
would not match.
Reviewed-by: Thiago Macieira
Reviewed-by: Richard J. Moore
Task-number: QTBUG-18258
Diffstat (limited to 'src/network/ssl/qsslsocket_openssl.cpp')
| -rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index c1b1712..d6967fe 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -418,7 +418,8 @@ init_context: if (tlsHostName.isEmpty()) tlsHostName = hostName; QByteArray ace = QUrl::toAce(tlsHostName); - if (!ace.isEmpty()) { + // only send the SNI header if the URL is valid and not an IP + if (!ace.isEmpty() && !QHostAddress().setAddress(tlsHostName)) { if (!q_SSL_ctrl(ssl, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, ace.constData())) qWarning("could not set SSL_CTRL_SET_TLSEXT_HOSTNAME, Server Name Indication disabled"); } |