if (sslAuthenticationOptions.IsClient)
{
- if (!string.IsNullOrEmpty(sslAuthenticationOptions.TargetHost))
+ if (!string.IsNullOrEmpty(sslAuthenticationOptions.TargetHost) && !TargetHostNameHelper.IsValidAddress(sslAuthenticationOptions.TargetHost))
{
// Similar to windows behavior, set SNI on openssl by default for client context, ignore errors.
if (!Ssl.SslSetTlsExtHostName(sslHandle, sslAuthenticationOptions.TargetHost))
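Review bot: The IP-literal guard added to this condition carries no comment saying why an address is excluded, while the `// RFC 6066 forbids IP literals` comment is removed from the options class elsewhere in this diff. The same predicate is repeated in the Android (`SSLStreamSetTargetHost`) and Apple (`SslSetTargetName`) hunks, so a reader of one backend cannot tell that suppressing SNI for addresses is now a per-backend duty. I would put `// RFC 6066 forbids IP literals in SNI; TargetHost itself may still be an address.` above each of the three conditions, or fold the test into one shared helper so the backends cannot drift apart. The enclosing block continues past the end of this hunk.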
MsQuicHelpers.SetMsQuicParameter(_handle, QUIC_PARAM_CONN_LOCAL_ADDRESS, quicAddress);
}
- // RFC 6066 forbids IP literals
- // DNI mapping is handled by MsQuic
- string hostname = TargetHostNameHelper.IsValidAddress(options.ClientAuthenticationOptions.TargetHost)
- ? string.Empty
- : options.ClientAuthenticationOptions.TargetHost ?? string.Empty;
-
_sslConnectionOptions = new SslConnectionOptions(
this,
isClient: true,
- hostname,
+ options.ClientAuthenticationOptions.TargetHost ?? string.Empty,
certificateRequired: true,
options.ClientAuthenticationOptions.CertificateRevocationCheckMode,
options.ClientAuthenticationOptions.RemoteCertificateValidationCallback,
options.ClientAuthenticationOptions.CertificateChainPolicy?.Clone());
_configuration = MsQuicConfiguration.Create(options);
- IntPtr targetHostPtr = Marshal.StringToCoTaskMemUTF8(options.ClientAuthenticationOptions.TargetHost ?? host ?? address?.ToString());
+ // RFC 6066 forbids IP literals
+ // DNI mapping is handled by MsQuic
+ string sni = (TargetHostNameHelper.IsValidAddress(options.ClientAuthenticationOptions.TargetHost) ? null : options.ClientAuthenticationOptions.TargetHost) ?? host ?? address?.ToString() ?? string.Empty;
+
+ IntPtr targetHostPtr = Marshal.StringToCoTaskMemUTF8(sni);
try
{
unsafe
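Review bot: The added `sni` expression still falls back to `address?.ToString()`, which is an IP literal, directly under a comment stating that RFC 6066 forbids IP literals. The removed line passed the same fallback, so this is probably intentional and left to MsQuic, but the comment does not say so, and "DNI" looks like a typo for "SNI". `host` may also be an address string, depending on how the caller built the endpoint, which is not visible here. I would reword the comment to something like `// RFC 6066 forbids IP literals as SNI, so an IP TargetHost is skipped; the host/address fallback is passed as-is and MsQuic decides what to send.` and split the chained `?:`/`??` expression over two statements for readability. The method body continues outside the hunk.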
await using (clientConnection)
await using (serverConnection)
{
- Assert.Equal(expectedHostName, clientConnection.TargetHostName);
+ Assert.Equal(hostname, clientConnection.TargetHostName);
Assert.Equal(expectedHostName, serverConnection.TargetHostName);
}
}
Interop.AndroidCrypto.SSLStreamRequestClientAuthentication(handle);
}
- if (!isServer && !string.IsNullOrEmpty(authOptions.TargetHost))
+ if (!isServer && !string.IsNullOrEmpty(authOptions.TargetHost) && !TargetHostNameHelper.IsValidAddress(authOptions.TargetHost))
{
Interop.AndroidCrypto.SSLStreamSetTargetHost(handle, authOptions.TargetHost);
}
throw;
}
- if (!string.IsNullOrEmpty(sslAuthenticationOptions.TargetHost) && !sslAuthenticationOptions.IsServer)
+ if (!string.IsNullOrEmpty(sslAuthenticationOptions.TargetHost) && !sslAuthenticationOptions.IsServer && !TargetHostNameHelper.IsValidAddress(sslAuthenticationOptions.TargetHost))
{
Interop.AppleCrypto.SslSetTargetName(_sslContext, sslAuthenticationOptions.TargetHost);
}
IsServer = false;
RemoteCertRequired = true;
CertificateContext = sslClientAuthenticationOptions.ClientCertificateContext;
-
- // RFC 6066 forbids IP literals
- TargetHost = TargetHostNameHelper.IsValidAddress(sslClientAuthenticationOptions.TargetHost)
- ? string.Empty
- : sslClientAuthenticationOptions.TargetHost ?? string.Empty;
+ TargetHost = sslClientAuthenticationOptions.TargetHost ?? string.Empty;
// Client specific options.
CertificateRevocationCheckMode = sslClientAuthenticationOptions.CertificateRevocationCheckMode;
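Review bot: `TargetHost` can now hold an IP literal, which changes an invariant every consumer of this property could previously rely on, and nothing at the assignment records it. The hunks visible here add the filter at the OpenSSL, Android, Apple and MsQuic call sites; any other path that hands `TargetHost` to a TLS backend as the server name would need the same check, and whether one exists cannot be seen from this diff. A comment on the new line would make the contract explicit: `// May be an IP literal; must not be sent as SNI unfiltered (RFC 6066).` The constructor continues outside the hunk.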
server.AuthenticateAsServerAsync(serverOptions, default));
Assert.Equal(string.Empty, server.TargetHostName);
- Assert.Equal(string.Empty, client.TargetHostName);
+ Assert.Equal(target, client.TargetHostName);
}
[Theory]