Closed Geal closed 6 years ago
Hmm, that unwrap seems like the wrong thing to do there, yeah. Whatever client is connecting to sozu is technically violating the SNI spec, but we shouldn't be panicking when they do so!
"HostName" contains the fully qualified DNS hostname of the server, as understood by the client. The hostname is represented as a byte string using ASCII encoding without a trailing dot. This allows the support of internationalized domain names through the use of A-labels defined in [RFC5890]. DNS hostnames are case-insensitive. The algorithm to compare hostnames is described in [RFC5890], Section 2.3.2.4.
Literal IPv4 and IPv6 addresses are not permitted in "HostName".
https://tools.ietf.org/html/rfc6066#section-3
We could decide that returning a &str
here is wrong, add servername2
that returns a &[u8]
, deprecate servername
and fix it all up in the next breaking release.
Alternatively, we could turn the panic into returning None
since the value isn't actually a valid HostName, and add a servername_raw
that returns a &[u8]
and doesn't do the filtering.
Hello,
we encountered a panic on Utf8Error in sozu's SNI callback: https://github.com/sozu-proxy/sozu/issues/468
Here is the stacktrace:
I think it is caused by the following code:
https://github.com/sfackler/rust-openssl/blob/master/openssl/src/ssl/mod.rs#L2376
Are there cases where openssl could return a string that is not encoded in valid UTF8?
If neede, here is sozu's SNI callback code: https://github.com/sozu-proxy/sozu/blob/master/lib/src/network/https_openssl.rs#L678-L713