+ DNS: TLS handshake: terminate handshake on bad SNI

2020-01-22 18:40:43 +03:00
parent ac156b9612
commit bfd1f3b650
2 changed files with 87 additions and 3 deletions
--- a/dnsforward/dnsforward_test.go
+++ b/dnsforward/dnsforward_test.go
@@ -10,6 +10,7 @@ import (
 	"encoding/pem"
 	"math/big"
 	"net"
+	"sort"
 	"sync"
 	"testing"
 	"time"
@@ -887,3 +888,15 @@ func TestIpFromAddr(t *testing.T) {
 	a = ipFromAddr(nil)
 	assert.True(t, a == "")
 }
+
+func TestMatchDNSName(t *testing.T) {
+	dnsNames := []string{"host1", "*.host2", "1.2.3.4"}
+	sort.Strings(dnsNames)
+	assert.True(t, matchDNSName(dnsNames, "host1"))
+	assert.True(t, matchDNSName(dnsNames, "a.host2"))
+	assert.True(t, matchDNSName(dnsNames, "b.a.host2"))
+	assert.True(t, matchDNSName(dnsNames, "1.2.3.4"))
+	assert.True(t, !matchDNSName(dnsNames, "host2"))
+	assert.True(t, !matchDNSName(dnsNames, ""))
+	assert.True(t, !matchDNSName(dnsNames, "*.host2"))
+}