Erlang/OTP
http://erlang.org
Apache License 2.0

ERL-1135: ssl: server_name_indication value shouldn't contain trailing dot #4109

Closed OTP-Maintainer closed 3 years ago

OTP-Maintainer commented 4 years ago

Original reporter: JIRAUSER13004
Affected versions: OTP-21.0, OTP-22.0
Fixed in version: OTP-22.3
Component: ssl
Migrated from: https://bugs.erlang.org/browse/ERL-1135


As per the TLS RFC, the client should send host_name without a trailing dot (https://tools.ietf.org/html/rfc6066.html#section-3):

> "HostName" contains the fully qualified DNS hostname of the server,
> as understood by the client. The hostname is represented as a byte
> string using ASCII encoding without a trailing dot.

Currently, the hostname is used as host_name without any modification ([code](https://github.com/erlang/otp/blob/eaaf721457bac35c18980c5ad48ba4373f2b4145/lib/ssl/src/ssl.erl#L2528-L2531)). Servers' responses vary wildly: some throw errors, some log warnings and some work without any issue.

```
ssl:connect("wallstreet.stg.veritrans.co.id.", 443, []).
=NOTICE REPORT==== 16-Jan-2020::12:00:54.589693 ===
TLS client: In state hello received SERVER ALERT: Fatal - Unexpected Message
{error,{tls_alert,{unexpected_message,"TLS client: In state hello received SERVER ALERT: Fatal - Unexpected Message\n "}}}
```

```
ssl:connect("www.example.com.", 443, []).
=NOTICE REPORT==== 16-Jan-2020::12:36:56.433549 ===
TLS client: In state hello received SERVER ALERT: Warning - Unrecognised Name
{ok,{sslsocket,{gen_tcp,#Port<0.10>,tls_connection,
 undefined},
 [<0.153.0>,<0.152.0>]}}
```

```
ssl:connect("www.google.com.", 443, []).
{ok,{sslsocket,{gen_tcp,#Port<0.11>,tls_connection,
 undefined},
 [<0.156.0>,<0.155.0>]}}
```
 
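The report above shows that the SNI value OTP derives from the connect host is sent verbatim. As an added example (not code from the OTP ssl application, the reporter or the maintainers), the module below shows how a client can normalize the hostname itself and pass it explicitly as `server_name_indication`, so the value on the wire never carries a trailing dot and, going one step beyond this report, never carries an IPv4/IPv6 literal either, which RFC 6066 section 3 also forbids in HostName. The module name `sni_host`, its function names and the error atoms are assumptions chosen for illustration; the code relies only on `inet:parse_address/1`, `lists:droplast/1` and the documented `server_name_indication` option of `ssl:connect/3`.

```erlang
%% sni_host.erl -- added illustration, not part of OTP's ssl application.
%% Names and error atoms are assumptions made for this example.
-module(sni_host).
-export([normalize/1, connect/3, selftest/0]).

%% Turn a hostname as typed by the user into the value that may be sent
%% in the TLS server_name extension (RFC 6066, section 3):
%%   * a single trailing dot ("www.example.com.") is removed,
%%   * IPv4/IPv6 literals are rejected, since the RFC forbids them there,
%%   * empty names and doubled trailing dots are rejected as malformed.
-spec normalize(string()) -> {ok, string()} | {error, atom()}.
normalize(Host) when is_list(Host) ->
    case strip_dot(Host) of
        {ok, Stripped} ->
            %% inet:parse_address/1 returns {ok, Addr} for IP literals
            %% and {error, einval} for anything else, e.g. DNS names.
            case inet:parse_address(Stripped) of
                {ok, _Addr}     -> {error, ip_literal};
                {error, einval} -> {ok, Stripped}
            end;
        {error, _} = Error ->
            Error
    end.

strip_dot("") ->
    {error, empty_hostname};
strip_dot(".") ->
    {error, empty_hostname};
strip_dot(Host) ->
    case lists:last(Host) of
        $. ->
            Stripped = lists:droplast(Host),
            case lists:last(Stripped) of
                $. -> {error, trailing_dots};   % "host.." is not a valid FQDN
                _  -> {ok, Stripped}
            end;
        _ ->
            {ok, Host}
    end.

%% Like ssl:connect/3, but always sets server_name_indication explicitly
%% (or disables it for IP literals) instead of relying on the default the
%% ssl application derives from the Host argument. Opts is passed through.
-spec connect(string(), inet:port_number(), [ssl:tls_client_option()]) ->
          {ok, ssl:sslsocket()} | {error, term()}.
connect(Host, Port, Opts) ->
    case normalize(Host) of
        {ok, Sni} ->
            ssl:connect(Host, Port, [{server_name_indication, Sni} | Opts]);
        {error, ip_literal} ->
            ssl:connect(Host, Port, [{server_name_indication, disable} | Opts]);
        {error, Reason} ->
            {error, Reason}
    end.

%% Offline self-check with constructed inputs; returns ok when every case
%% matches the expected result, otherwise crashes with a badmatch.
selftest() ->
    {ok, "www.example.com"}  = normalize("www.example.com."),
    {ok, "www.example.com"}  = normalize("www.example.com"),
    {error, ip_literal}      = normalize("192.0.2.10"),
    {error, ip_literal}      = normalize("192.0.2.10."),
    {error, ip_literal}      = normalize("2001:db8::1"),
    {error, trailing_dots}   = normalize("www.example.com.."),
    {error, empty_hostname}  = normalize("."),
    {error, empty_hostname}  = normalize(""),
    ok.
```

Compile with `erlc sni_host.erl` and run `sni_host:selftest()` in an Erlang shell; then `sni_host:connect("www.example.com.", 443, [{verify, verify_peer}, {cacerts, public_key:cacerts_get()}])` sends `www.example.com` as SNI while still resolving the name exactly as given. Setting the option explicitly matters beyond the extension itself: the ssl application documents that the `server_name_indication` value is also the name checked against the peer certificate when `verify_peer` is used, so a client that does its own normalization controls both the SNI value and the hostname verification target.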
OTP-Maintainer commented 4 years ago

ingela said:

I think this is an oversight when falling back to use the hostname used in connect as SNI. It should be stripped of the trailing dot if it is present. We will fix it for upcoming versions of the ssl application.

 
OTP-Maintainer commented 4 years ago

ingela said:

Solution will be merged hopefully tomorrow. We are cuddling the test cases for different test host setups.