Do not send IP address as server_name entries and skip non-fatal (warning) alerts...
authorSebastien Pouliot <sebastien@xamarin.com>
Thu, 22 Nov 2012 21:34:47 +0000 (16:34 -0500)
committerSebastien Pouliot <sebastien@xamarin.com>
Thu, 22 Nov 2012 21:34:47 +0000 (16:34 -0500)
mcs/class/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Client/TlsClientHello.cs
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslClientStream.cs

index 535bb89e86900a94f9474fdaf2bc148331774f17..42ca34523a44e8215bb767e030d0b2cb1581a327 100644 (file)
@@ -23,6 +23,7 @@
 //
 
 using System;
+using System.Net;
 using System.Security.Cryptography;
 
 namespace Mono.Security.Protocol.Tls.Handshake.Client
@@ -112,9 +113,17 @@ namespace Mono.Security.Protocol.Tls.Handshake.Client
                {
                        ProcessAsSsl3 ();
 
+                       // If applicable add the "server_name" extension to the hello message
                        // http://www.ietf.org/rfc/rfc3546.txt
+                       string host = Context.ClientSettings.TargetHost;
+                       // Our TargetHost might be an address (not a host *name*) - see bug #8553
+                       // RFC3546 -> Literal IPv4 and IPv6 addresses are not permitted in "HostName".
+                       IPAddress addr;
+                       if (IPAddress.TryParse (host, out addr))
+                               return;
+
                        TlsStream extensions = new TlsStream ();
-                       byte[] server_name = System.Text.Encoding.UTF8.GetBytes (Context.ClientSettings.TargetHost);
+                       byte[] server_name = System.Text.Encoding.UTF8.GetBytes (host);
                        extensions.Write ((short) 0x0000);                      // ExtensionType: server_name (0)
                        extensions.Write ((short) (server_name.Length + 5));    // ServerNameList (length)
                        extensions.Write ((short) (server_name.Length + 3));    // ServerName (length)
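Review bot: The `return;` after `IPAddress.TryParse (host, out addr)` leaves the whole method rather than only skipping the server_name extension, so any code added later in this method would also be skipped silently for IP-literal targets. The method starts before this hunk and continues past it, so what follows is not visible here. Wrapping the extension block in `if (!IPAddress.TryParse (host, out addr)) { ... }` would keep the skip local to the extension. A null or empty `host` is also not checked before the extension is built, and an empty one would produce a zero-length HostName, which RFC 3546 does not permit either. The guard could be `if (String.IsNullOrEmpty (host) || IPAddress.TryParse (host, out addr))`.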
index fd1e2c5e206fd8ff86d952d33e621f520213f298..0d4a4497200b008f15646c7bef888bce18d537a6 100644 (file)
@@ -291,10 +291,10 @@ namespace Mono.Security.Protocol.Tls
                        }
                }
 
-               private void SafeReceiveRecord (Stream s)
+               private void SafeReceiveRecord (Stream s, bool ignoreEmpty = false)
                {
                        byte[] record = this.protocol.ReceiveRecord (s);
-                       if ((record == null) || (record.Length == 0)) {
+                       if (!ignoreEmpty && ((record == null) || (record.Length == 0))) {
                                throw new TlsException (
                                        AlertDescription.HandshakeFailiure,
                                        "The server stopped the handshake.");
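Review bot: With `ignoreEmpty` set, the new condition lets a `null` record through as well as a zero-length one, although the stated goal is only to skip warning alerts. If `ReceiveRecord` returns `null` when the peer closes the stream (not visible in this hunk), the handshake loop in the next hunk (`SafeReceiveRecord (this.innerStream, true)`) would keep calling it and never reach ServerHelloDone. Keeping null fatal would avoid that: `if ((record == null) || (!ignoreEmpty && (record.Length == 0))) {`. The same loop also has no cap on consecutive skipped records, so a server that keeps sending warning alerts can hold the client in the handshake indefinitely; a small counter that throws the existing `TlsException` after a fixed number of empty records would bound it. The body of `SafeReceiveRecord` continues past the end of this hunk.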
@@ -308,8 +308,8 @@ namespace Mono.Security.Protocol.Tls
                        // Read server response
                        while (this.context.LastHandshakeMsg != HandshakeType.ServerHelloDone) 
                        {
-                               // Read next record
-                               SafeReceiveRecord (this.innerStream);
+                               // Read next record (skip empty, e.g. warnings alerts)
+                               SafeReceiveRecord (this.innerStream, true);
 
                                // special case for abbreviated handshake where no ServerHelloDone is sent from the server
                                if (this.context.AbbreviatedHandshake && (this.context.LastHandshakeMsg == HandshakeType.ServerHello))