DNS testing tools / Remoh
Commit 639d2e15, authored Dec 15, 2019 by Stephane Bortzmeyer
* [DoT] Fix SNI to send the A-label when the name is an IDN
* [DoT] Fix connection to use the address, not the name
parent eff58cb8
homer.py
...
...
@@ -205,8 +205,9 @@ class Connection:
# May be loop over the results of getaddrinfo, to test all
# the IP addresses? See #13.
self
.
sock
=
socket
.
socket
(
addrinfo
[
0
][
0
],
socket
.
SOCK_STREAM
)
self
.
addr
=
addrinfo
[
0
][
4
]
if
self
.
verbose
:
print
(
"Connecting to %s ..."
%
str
(
addrinfo
[
0
][
4
]
))
print
(
"Connecting to %s ..."
%
str
(
self
.
addr
))
# With typical DoT servers, we *must* use TLS 1.2 (otherwise,
# do_handshake fails with "OpenSSL.SSL.SysCallError: (-1, 'Unexpected
# EOF')" Typical HTTP servers are more lax.
...
...
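Review bot: `self.addr = addrinfo[0][4]` stores the whole sockaddr tuple from getaddrinfo (address and port, plus flow info and scope id for IPv6), not just an address, so the attribute name is misleading; add a comment saying it is the sockaddr later handed to connect(), or rename it. The assignment also still pins the connection to the first getaddrinfo result, which the comment above about #13 already flags: a server whose first address is unreachable will fail without the others being tried.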
@@ -220,8 +221,8 @@ class Connection:
OpenSSL
.
SSL
.
VERIFY_CLIENT_ONCE
,
lambda
conn
,
cert
,
errno
,
depth
,
preverify_ok
:
preverify_ok
)
self
.
session
=
OpenSSL
.
SSL
.
Connection
(
self
.
context
,
self
.
sock
)
self
.
session
.
set_tlsext_host_name
(
check
.
encode
())
# Server Name Indication (SNI)
self
.
session
.
connect
((
self
.
server
,
853
))
self
.
session
.
set_tlsext_host_name
(
canonicalize
(
check
)
.
encode
())
# Server Name Indication (SNI)
self
.
session
.
connect
((
self
.
addr
))
# TODO We may here have exceptions such as OpenSSL.SSL.ZeroReturnError
self
.
session
.
do_handshake
()
self
.
cert
=
self
.
session
.
get_peer_certificate
()
...
...
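Review bot: In `self.session.connect((self.addr))` the doubled parentheses are a leftover from `((self.server, 853))` and do not build a tuple; the call works only because self.addr is already a sockaddr, so write `self.session.connect(self.addr)`. With the literal 853 removed, the port now comes from whatever was passed to getaddrinfo outside this hunk, which deserves a short comment at the connect call. `canonicalize()` is not defined in the visible lines: if `check` can hold an IP address rather than a name, confirm it passes through unchanged before being sent as SNI, and that the certificate name check done after get_peer_certificate() compares against the same A-label form.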