summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/network/ssl/qsslsocket_openssl.cpp3
-rw-r--r--tests/auto/qsslsocket/tst_qsslsocket.cpp6
2 files changed, 6 insertions, 3 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index c1b1712..d6967fe 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -418,7 +418,8 @@ init_context:
if (tlsHostName.isEmpty())
tlsHostName = hostName;
QByteArray ace = QUrl::toAce(tlsHostName);
- if (!ace.isEmpty()) {
+ // only send the SNI header if the URL is valid and not an IP
+ if (!ace.isEmpty() && !QHostAddress().setAddress(tlsHostName)) {
if (!q_SSL_ctrl(ssl, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, ace.constData()))
qWarning("could not set SSL_CTRL_SET_TLSEXT_HOSTNAME, Server Name Indication disabled");
}
diff --git a/tests/auto/qsslsocket/tst_qsslsocket.cpp b/tests/auto/qsslsocket/tst_qsslsocket.cpp
index ef5833ef..472be69 100644
--- a/tests/auto/qsslsocket/tst_qsslsocket.cpp
+++ b/tests/auto/qsslsocket/tst_qsslsocket.cpp
@@ -918,13 +918,15 @@ void tst_QSslSocket::protocolServerSide_data()
QTest::newRow("ssl3-tls1") << QSsl::SslV3 << QSsl::TlsV1 << false;
QTest::newRow("ssl3-tls1ssl3") << QSsl::SslV3 << QSsl::TlsV1SslV3 << true;
QTest::newRow("ssl3-secure") << QSsl::SslV3 << QSsl::SecureProtocols << true;
- QTest::newRow("ssl3-any") << QSsl::SslV3 << QSsl::AnyProtocol << true;
+ QTest::newRow("ssl3-any") << QSsl::SslV3 << QSsl::AnyProtocol << false; // we wont set a SNI header here because we connect to a
+ // numerical IP, so OpenSSL will send a SSL 2 handshake
QTest::newRow("tls1-ssl2") << QSsl::TlsV1 << QSsl::SslV2 << false;
QTest::newRow("tls1-ssl3") << QSsl::TlsV1 << QSsl::SslV3 << false;
QTest::newRow("tls1-tls1ssl3") << QSsl::TlsV1 << QSsl::TlsV1SslV3 << true;
QTest::newRow("tls1-secure") << QSsl::TlsV1 << QSsl::SecureProtocols << true;
- QTest::newRow("tls1-any") << QSsl::TlsV1 << QSsl::AnyProtocol << true;
+ QTest::newRow("tls1-any") << QSsl::TlsV1 << QSsl::AnyProtocol << false; // we wont set a SNI header here because we connect to a
+ // numerical IP, so OpenSSL will send a SSL 2 handshake
QTest::newRow("tls1ssl3-ssl2") << QSsl::TlsV1SslV3 << QSsl::SslV2 << false;
QTest::newRow("tls1ssl3-ssl3") << QSsl::TlsV1SslV3 << QSsl::SslV3 << true;
generated by cgit v0.12 at 2025-01-18 22:32:43 (GMT)