SNI extension parsing does not follow RFC 6066 #1771
Description
There are few issues with the way OpenSSL handles the SNI extension, as described in RFC 6066.
- The library does not sanity check the host_name names before passing them to application (e.g. s_server prints names with ANSI escape codes on the command line)
- SNI extension with multiple items of different types are rejected by server with a decode_error alert
- In case client offers session resumption to the server, SNI extension is completely ignored (even malformed extension does not generate an alert)
I have tested current 1.0.1, 1.0.2 and master branches (9d9e053, 45f4761, 2df7f11), all present the same behaviour.
Reproducer:
openssl req -x509 -newkey rsa -keyout localhost.key -out localhost.crt -subj /CN=localhost -nodes -batch
openssl req -x509 -newkey rsa -keyout example.key -out example.crt -subj /CN=example.com -nodes -batch
openssl s_server -key localhost.key -cert localhost.crt -www -servername example.com -cert2 example.crt -key2 example.key -servername_fatal
In another console:
git clone https://github.com/tomato42/tlsfuzzer.git
pushd tlsfuzzer
git checkout sni-tests
git clone https://github.com/tomato42/tlslite-ng.git .tlslite-ng
ln -s .tlslite-ng/tlslite tlslite
git clone https://github.com/warner/python-ecdsa.git .python-ecdsa
ln -s .python-ecdsa/ecdsa ecdsa
PYTHONPATH=. python scripts/test-invalid-server-name-extension.py --sni example.com
PYTHONPATH=. python scripts/test-invalid-server-name-extension-resumption.py --sni example.com