fix tls server name extraction for ipv6 authorities in wasi-http#13686
fix tls server name extraction for ipv6 authorities in wasi-http#13686netliomax25-code wants to merge 2 commits into
Conversation
| /// wrong for the bracketed IPv6 form, so handle it explicitly and return the | ||
| /// bare address without brackets, which is what `rustls`' `ServerName` expects. | ||
| #[cfg(all(feature = "default-send-request", any(feature = "p2", feature = "p3")))] | ||
| fn tls_server_name(authority: &str) -> &str { |
There was a problem hiding this comment.
Could this return ServerName directly?
There was a problem hiding this comment.
Yep, it returns ServerName<'static> now.
| match authority.split_once(':') { | ||
| Some((host, _port)) => host, | ||
| None => authority, | ||
| } |
There was a problem hiding this comment.
What do you think about first trying https://doc.rust-lang.org/std/net/enum.SocketAddr.html#impl-FromStr-for-SocketAddr returning ServerName::IpAddress on success and otherwise trying to split off the : part and passing that to ServerName::try_from?
There was a problem hiding this comment.
Done. The helper now returns ServerName<'static> directly: it parses the authority as a SocketAddr first and returns ServerName::IpAddress on success, which handles the bracketed IPv6 form, and otherwise splits off the port and hands the host to ServerName::try_from. The authority always carries a port at this point (both p2 and p3 append 443/80 when none is given), so IP literals always parse as a SocketAddr. Both call sites just map_err the result now, dropping the local ServerName import and the to_owned(). Updated the unit test to assert on the resulting ServerName.
2 participants
ServerName) withauthority.split(":").next().[2001:db8::1]:443, so that split returns[2001andServerName::try_fromrejects it. HTTPS to an IPv6 literal then always fails the handshake, even though the TCP connect uses the full authority and reaches the right peer.Pull the host out of the authority directly, dropping the brackets for the IPv6 form, in one shared helper used by both sites. Added a unit test covering host:port, IPv4, and the bracketed IPv6 forms.