aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
diff options
context:
space:
mode:
authorQijiang Fan <[email protected]>2014-12-30 22:51:33 +0800
committerIngela Anderton Andin <[email protected]>2015-05-12 13:57:25 +0200
commit1e2569973101aaccdbb0c552948134cb1a58a7fd (patch)
tree46d6162b97388b78420463e8c95ec1045ab8b1ab /lib/ssl
parent4fe38c4b8b2c8024afb60990e598ff823743fd54 (diff)
downloadotp-1e2569973101aaccdbb0c552948134cb1a58a7fd.tar.gz
otp-1e2569973101aaccdbb0c552948134cb1a58a7fd.tar.bz2
otp-1e2569973101aaccdbb0c552948134cb1a58a7fd.zip
ssl: deny recursively defined sni_hosts
Diffstat (limited to 'lib/ssl')
-rw-r--r--lib/ssl/src/ssl.erl8
1 files changed, 7 insertions, 1 deletions
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index 54cc5e71b6..cebfb9e5ce 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -885,7 +885,13 @@ validate_option(server_name_indication, undefined) ->
validate_option(sni_hosts, []) ->
[];
validate_option(sni_hosts, [{Hostname, SSLOptions} | Tail]) when is_list(Hostname) ->
- [{Hostname, validate_options(SSLOptions)} | validate_option(sni_hosts, Tail)];
+ RecursiveSNIOptions = proplists:get_value(sni_hosts, SSLOptions, undefined),
+ case RecursiveSNIOptions of
+ undefined ->
+ [{Hostname, validate_options(SSLOptions)} | validate_option(sni_hosts, Tail)];
+ _ ->
+ throw({error, {options, {sni_hosts, RecursiveSNIOptions}}})
+ end;
validate_option(honor_cipher_order, Value) when is_boolean(Value) ->
Value;
validate_option(padding_check, Value) when is_boolean(Value) ->