New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ensure the host can be parsed as an IPv6 address. #6
Conversation
3fcf282
to
280d034
Compare
hyper-boring/src/lib.rs
Outdated
// it (otherwise, boring will fail to parse the host as an IP address, eventually | ||
// causing the handshake to fail due a hostname verification error). | ||
let host_or_ip = match (host.find('['), host.find(']')) { | ||
(Some(0), Some(i)) => &host[1..i], |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We need to ensure here that i == host.len() - 1
. Otherwise, we can strip a part of host, doesn't seem to be a safe thing to do. Should be smthg like:
let last = host.len() - 1;
if last > 0 && host[0] == '[' && host[last] == ']' {
host = &host[1..last];
}
Ideally we should also validate that what's enclosed in [ ]
is indeed and IPv6
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point (host
is extracted from a valid Uri
, so I assumed it can only contain brackets if is a valid IPv6 address). That being said I'm happy to make this change.
@inikulin Thank you for the review. I made the changes you've suggested. |
Merge in ECO/boring-rpk from hyper-rpk to master * commit '7f2cdcd96b53a58c3e828cf4868f9965604bc107': MAL-359 Add RPK support to tokio-boring
If the host is an IPv6 address, the value returned by
Uri::host()
will include the surrounding brackets. This causes boring to fail to parse the host as an IP address. Eventually, this causes hostname verification to fail. I assume the hostname verification failure is due to the fact that the host will be compared with theDNSName
s fromSubjectAlternativeName
, instead of theIPAddress
es (set_ip
vsset_host
).