Merge pull request #7483 from new-sashok724/sashok724-ipv6-sni-fix

Add check to prevent the use of IP addresses as SNI hostnames
cketti 2024-01-12 21:23:02 +01:00 committed by GitHub
commit d02c7c0a45
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 2 deletions


@ -14,6 +14,7 @@ import android.net.SSLCertificateSocketFactory;
import android.os.Build; import android.os.Build;
import android.text.TextUtils; import android.text.TextUtils;
import app.k9mail.core.common.net.HostNameUtils;
import com.fsck.k9.mail.MessagingException; import com.fsck.k9.mail.MessagingException;
import com.fsck.k9.mail.ssl.TrustManagerFactory; import com.fsck.k9.mail.ssl.TrustManagerFactory;
import com.fsck.k9.mail.ssl.TrustedSocketFactory; import com.fsck.k9.mail.ssl.TrustedSocketFactory;
@ -129,7 +130,10 @@ public class DefaultTrustedSocketFactory implements TrustedSocketFactory {
hardenSocket(sslSocket); hardenSocket(sslSocket);
// RFC 6066 does not permit the use of literal IPv4 or IPv6 addresses as SNI hostnames.
if (HostNameUtils.INSTANCE.isLegalIPAddress(host) == null) {
setSniHost(socketFactory, sslSocket, host); setSniHost(socketFactory, sslSocket, host);
}
return trustedSocket; return trustedSocket;
} }
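Review bot: The guard `if (HostNameUtils.INSTANCE.isLegalIPAddress(host) == null)` relies on a helper whose accepted input forms are not visible on this page, so it is unclear whether a bracketed IPv6 literal or one carrying a zone suffix (constructed examples: `[2001:db8::1]`, `fe80::1%wlan0`) is recognised; if it is not, such a host would still reach `setSniHost` and be sent as a server_name. A unit test that passes IPv4, plain IPv6 and those variants and asserts that no SNI host is set would pin the behaviour down, since the commit appears to touch only the two production files. The `== null` comparison also reads inverted at first glance, and a comment such as `// isLegalIPAddress() returns null when host is not an IP literal` above the `if` would make the intent explicit. The same points apply to the identical hunk in the second file section, and the enclosing method begins outside the hunk.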


@ -14,6 +14,7 @@ import android.net.SSLCertificateSocketFactory;
import android.os.Build; import android.os.Build;
import android.text.TextUtils; import android.text.TextUtils;
import app.k9mail.core.common.net.HostNameUtils;
import com.fsck.k9.mail.MessagingException; import com.fsck.k9.mail.MessagingException;
import com.fsck.k9.mail.ssl.TrustManagerFactory; import com.fsck.k9.mail.ssl.TrustManagerFactory;
import com.fsck.k9.mail.ssl.TrustedSocketFactory; import com.fsck.k9.mail.ssl.TrustedSocketFactory;
@ -129,7 +130,10 @@ public class DefaultTrustedSocketFactory implements TrustedSocketFactory {
hardenSocket(sslSocket); hardenSocket(sslSocket);
// RFC 6066 does not permit the use of literal IPv4 or IPv6 addresses as SNI hostnames.
if (HostNameUtils.INSTANCE.isLegalIPAddress(host) == null) {
setSniHost(socketFactory, sslSocket, host); setSniHost(socketFactory, sslSocket, host);
}
return trustedSocket; return trustedSocket;
} }