Uploaded image for project: 'Erlang/OTP'
  1. Erlang/OTP
  2. ERL-1135

ssl: server_name_indication value shouldn't contain trailing dot

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 21.0, 22.0
    • Fix Version/s: 22.3
    • Component/s: ssl
    • Labels:
      None

      Description

      As per TLS RFC, the client should send host_name without trailing dot https://tools.ietf.org/html/rfc6066.html#section-3.

      "HostName" contains the fully qualified DNS hostname of the server,
       as understood by the client. The hostname is represented as a byte
       string using ASCII encoding without a trailing dot.

      Currently, the hostname is used as host_name without any modification code.  Servers response varies wildly, some throws errors, some logs warnings and some works without any kind of issue

      ssl:connect("wallstreet.stg.veritrans.co.id.", 443, []).
      =NOTICE REPORT==== 16-Jan-2020::12:00:54.589693 ===
      TLS client: In state hello received SERVER ALERT: Fatal - Unexpected Message
      {error,{tls_alert,{unexpected_message,"TLS client: In state hello received SERVER ALERT: Fatal - Unexpected Message\n "}}}
      
      
      ssl:connect("www.example.com.", 443, []).
      =NOTICE REPORT==== 16-Jan-2020::12:36:56.433549 ===
      TLS client: In state hello received SERVER ALERT: Warning - Unrecognised Name
      {ok,{sslsocket,{gen_tcp,#Port<0.10>,tls_connection,
       undefined},
       [<0.153.0>,<0.152.0>]}}
      
      
      ssl:connect("www.google.com.", 443, []).
      {ok,{sslsocket,{gen_tcp,#Port<0.11>,tls_connection,
       undefined},
       [<0.156.0>,<0.155.0>]}}

       

        Attachments

          Activity

            People

            Assignee:
            otp_team_ps Team PS
            Reporter:
            ananthakumaran Anantha Kumaran
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: