Botan 3.11.1
Crypto and TLS for C&
Public Member Functions | Static Public Member Functions | List of all members
Botan::TLS::Server_Name_Indicator Class Referencefinal

#include <tls_extensions.h>

Inheritance diagram for Botan::TLS::Server_Name_Indicator:
Botan::TLS::Extension

Public Member Functions

bool empty () const override
std::string host_name () const
virtual bool is_implemented () const
std::vector< uint8_t > serialize (Connection_Side whoami) const override
 Server_Name_Indicator (std::string_view host_name)
 Server_Name_Indicator (TLS_Data_Reader &reader, uint16_t extension_size, Connection_Side from)
Extension_Code type () const override

Static Public Member Functions

static bool hostname_acceptable_for_sni (std::string_view hostname)
static Extension_Code static_type ()

Detailed Description

Server Name Indicator extension (RFC 3546)

Definition at line 103 of file tls_extensions.h.

Constructor & Destructor Documentation

◆ Server_Name_Indicator() [1/2]

Botan::TLS::Server_Name_Indicator::Server_Name_Indicator ( std::string_view host_name)
inlineexplicit

Definition at line 109 of file tls_extensions.h.

109: m_sni_host_name(host_name) {}
Botan::TLS::Server_Name_Indicator::host_name
std::string host_name() const
Definition tls_extensions.h:113

References host_name().

◆ Server_Name_Indicator() [2/2]

Botan::TLS::Server_Name_Indicator::Server_Name_Indicator ( TLS_Data_Reader & reader,
uint16_t extension_size,
Connection_Side from )

Definition at line 266 of file tls_extensions.cpp.

266 {
267 /*
268 RFC 6066 Section 3
269
270 A server that receives a client hello containing the "server_name"
271 extension MAY use the information contained in the extension to guide
272 its selection of an appropriate certificate to return to the client,
273 and/or other aspects of security policy. In this event, the server
274 SHALL include an extension of type "server_name" in the (extended)
275 server hello. The "extension_data" field of this extension SHALL be
276 empty.
277 */
278 if(from == Connection_Side::Server) {
279 if(extension_size != 0) {
280 throw TLS_Exception(Alert::IllegalParameter, "Server sent non-empty SNI extension");
281 }
282 } else {
283 // Clients are required to send at least one name in the SNI
284 if(extension_size == 0) {
285 throw TLS_Exception(Alert::IllegalParameter, "Client sent empty SNI extension");
286 }
287
288 const uint16_t name_bytes = reader.get_uint16_t();
289
290 if(name_bytes + 2 != extension_size || name_bytes < 3) {
291 throw Decoding_Error("Bad encoding of SNI extension");
292 }
293
294 BOTAN_ASSERT_NOMSG(reader.remaining_bytes() == name_bytes);
295
296 while(reader.has_remaining()) {
297 const uint8_t name_type = reader.get_byte();
298
299 if(name_type == 0) {
300 /*
301 RFC 6066 Section 3
302 The ServerNameList MUST NOT contain more than one name of the same name_type.
303 */
304 if(!m_sni_host_name.empty()) {
305 throw Decoding_Error("TLS ServerNameIndicator contains more than one host_name");
306 }
307 m_sni_host_name = reader.get_string(2, 1, 65535);
308 } else {
309 /*
310 Unknown name type - skip its length-prefixed value and continue
311
312 RFC 6066 Section 3
313 For backward compatibility, all future data structures associated
314 with new NameTypes MUST begin with a 16-bit length field.
315 */
316 const uint16_t unknown_name_len = reader.get_uint16_t();
317 reader.discard_next(unknown_name_len);
318 }
319 }
320 }
321}
BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:75

References BOTAN_ASSERT_NOMSG, Botan::TLS::TLS_Data_Reader::discard_next(), Botan::TLS::TLS_Data_Reader::get_byte(), Botan::TLS::TLS_Data_Reader::get_string(), Botan::TLS::TLS_Data_Reader::get_uint16_t(), Botan::TLS::TLS_Data_Reader::has_remaining(), Botan::TLS::TLS_Data_Reader::remaining_bytes(), and Botan::TLS::Server.

Member Function Documentation

◆ empty()

bool Botan::TLS::Server_Name_Indicator::empty ( ) const
inlineoverridevirtual
Returns
if we should encode this extension or not

Implements Botan::TLS::Extension.

Definition at line 117 of file tls_extensions.h.

117{ return false; }

◆ host_name()

std::string Botan::TLS::Server_Name_Indicator::host_name ( ) const
inline

Definition at line 113 of file tls_extensions.h.

113{ return m_sni_host_name; }

Referenced by Server_Name_Indicator().

◆ hostname_acceptable_for_sni()

bool Botan::TLS::Server_Name_Indicator::hostname_acceptable_for_sni ( std::string_view hostname)
static

Definition at line 348 of file tls_extensions.cpp.

348 {
349 // Avoid sending an IPv4/IPv6 address in SNI as this is prohibited
350
351 if(hostname.empty()) {
352 return false;
353 }
354
355 if(string_to_ipv4(hostname).has_value()) {
356 return false;
357 }
358
359 // IPv6? Anyway ':' is not valid in DNS
360 if(hostname.find(':') != std::string_view::npos) {
361 return false;
362 }
363
364 return true;
365}
Botan::string_to_ipv4
std::optional< uint32_t > string_to_ipv4(std::string_view str)
Definition parsing.cpp:156

References Botan::string_to_ipv4().

Referenced by Botan::TLS::Client_Hello_12::Client_Hello_12(), Botan::TLS::Client_Hello_12::Client_Hello_12(), and Botan::TLS::Client_Hello_13::Client_Hello_13().

◆ is_implemented()

virtual bool Botan::TLS::Extension::is_implemented ( ) const
inlinevirtualinherited
Returns
true if this extension is known and implemented by Botan

Reimplemented in Botan::TLS::Unknown_Extension.

Definition at line 95 of file tls_extensions.h.

95{ return true; }

◆ serialize()

std::vector< uint8_t > Botan::TLS::Server_Name_Indicator::serialize ( Connection_Side whoami) const
overridevirtual
Returns
serialized binary for the extension

Implements Botan::TLS::Extension.

Definition at line 323 of file tls_extensions.cpp.

323 {
324 // RFC 6066
325 // [...] the server SHALL include an extension of type "server_name" in
326 // the (extended) server hello. The "extension_data" field of this
327 // extension SHALL be empty.
328 if(whoami == Connection_Side::Server) {
329 return {};
330 }
331
332 std::vector<uint8_t> buf;
333
334 const size_t name_len = m_sni_host_name.size();
335
336 buf.push_back(get_byte<0>(static_cast<uint16_t>(name_len + 3)));
337 buf.push_back(get_byte<1>(static_cast<uint16_t>(name_len + 3)));
338 buf.push_back(0); // DNS
339
340 buf.push_back(get_byte<0>(static_cast<uint16_t>(name_len)));
341 buf.push_back(get_byte<1>(static_cast<uint16_t>(name_len)));
342
343 buf += as_span_of_bytes(m_sni_host_name);
344
345 return buf;
346}
Botan::get_byte
constexpr uint8_t get_byte(T input)
Definition loadstor.h:79
Botan::as_span_of_bytes
std::span< const uint8_t > as_span_of_bytes(const char *s, size_t len)
Definition mem_utils.h:59

References Botan::as_span_of_bytes(), Botan::get_byte(), and Botan::TLS::Server.

◆ static_type()

Extension_Code Botan::TLS::Server_Name_Indicator::static_type ( )
inlinestatic

Definition at line 105 of file tls_extensions.h.

105{ return Extension_Code::ServerNameIndication; }

References Botan::TLS::ServerNameIndication.

Referenced by type().

◆ type()

Extension_Code Botan::TLS::Server_Name_Indicator::type ( ) const
inlineoverridevirtual
Returns
code number of the extension

Implements Botan::TLS::Extension.

Definition at line 107 of file tls_extensions.h.

107{ return static_type(); }
Botan::TLS::Server_Name_Indicator::static_type
static Extension_Code static_type()
Definition tls_extensions.h:105

References static_type().

The documentation for this class was generated from the following files:
Generated by doxygen 1.15.0