diff options
author | Qijiang Fan <[email protected]> | 2014-12-30 22:51:33 +0800 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2015-05-12 13:57:25 +0200 |
commit | 1e2569973101aaccdbb0c552948134cb1a58a7fd (patch) | |
tree | 46d6162b97388b78420463e8c95ec1045ab8b1ab | |
parent | 4fe38c4b8b2c8024afb60990e598ff823743fd54 (diff) | |
download | otp-1e2569973101aaccdbb0c552948134cb1a58a7fd.tar.gz otp-1e2569973101aaccdbb0c552948134cb1a58a7fd.tar.bz2 otp-1e2569973101aaccdbb0c552948134cb1a58a7fd.zip |
ssl: deny recursively defined sni_hosts
-rw-r--r-- | lib/ssl/src/ssl.erl | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl index 54cc5e71b6..cebfb9e5ce 100644 --- a/lib/ssl/src/ssl.erl +++ b/lib/ssl/src/ssl.erl @@ -885,7 +885,13 @@ validate_option(server_name_indication, undefined) -> validate_option(sni_hosts, []) -> []; validate_option(sni_hosts, [{Hostname, SSLOptions} | Tail]) when is_list(Hostname) -> - [{Hostname, validate_options(SSLOptions)} | validate_option(sni_hosts, Tail)]; + RecursiveSNIOptions = proplists:get_value(sni_hosts, SSLOptions, undefined), + case RecursiveSNIOptions of + undefined -> + [{Hostname, validate_options(SSLOptions)} | validate_option(sni_hosts, Tail)]; + _ -> + throw({error, {options, {sni_hosts, RecursiveSNIOptions}}}) + end; validate_option(honor_cipher_order, Value) when is_boolean(Value) -> Value; validate_option(padding_check, Value) when is_boolean(Value) -> |