From 0d68367a1279a369146661f4857816b2044116b4 Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Mon, 21 Aug 2017 15:28:56 -0400 Subject: [PATCH] Safely display SNI (just in case) Thanks to Hubert Kario for pointing this out. Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/4193) --- apps/s_server.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/apps/s_server.c b/apps/s_server.c index 0ee5519f96..8883994f8f 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -459,9 +459,17 @@ static int ssl_servername_cb(SSL *s, int *ad, void *arg) { tlsextctx *p = (tlsextctx *) arg; const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); - if (servername != NULL && p->biodebug != NULL) - BIO_printf(p->biodebug, "Hostname in TLS extension: \"%s\"\n", - servername); + + if (servername != NULL && p->biodebug != NULL) { + const char *cp = servername; + unsigned char uc; + + BIO_printf(p->biodebug, "Hostname in TLS extension: \""); + while ((uc = *cp++) != 0) + BIO_printf(p->biodebug, + isascii(uc) && isprint(uc) ? "%c" : "\\x%02x", uc); + BIO_printf(p->biodebug, "\"\n"); + } if (p->servername == NULL) return SSL_TLSEXT_ERR_NOACK;