ssl: deny recursively defined sni_hosts

author: Qijiang Fan <[email protected]> 2014-12-30 22:51:33 +0800
committer: Ingela Anderton Andin <[email protected]> 2015-05-12 13:57:25 +0200
commit: 1e2569973101aaccdbb0c552948134cb1a58a7fd (patch)
tree: 46d6162b97388b78420463e8c95ec1045ab8b1ab /lib/ssl
parent: 4fe38c4b8b2c8024afb60990e598ff823743fd54 (diff)
download: otp-1e2569973101aaccdbb0c552948134cb1a58a7fd.tar.gz
otp-1e2569973101aaccdbb0c552948134cb1a58a7fd.tar.bz2
otp-1e2569973101aaccdbb0c552948134cb1a58a7fd.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index 54cc5e71b6..cebfb9e5ce 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -885,7 +885,13 @@ validate_option(server_name_indication, undefined) ->
 validate_option(sni_hosts, []) ->
     [];
 validate_option(sni_hosts, [{Hostname, SSLOptions} | Tail]) when is_list(Hostname) ->
-	[{Hostname, validate_options(SSLOptions)} | validate_option(sni_hosts, Tail)];
+	RecursiveSNIOptions = proplists:get_value(sni_hosts, SSLOptions, undefined),
+	case RecursiveSNIOptions of
+		undefined ->
+			[{Hostname, validate_options(SSLOptions)} | validate_option(sni_hosts, Tail)];
+		_ ->
+			throw({error, {options, {sni_hosts, RecursiveSNIOptions}}})
+	end;
 validate_option(honor_cipher_order, Value) when is_boolean(Value) ->
     Value;
 validate_option(padding_check, Value) when is_boolean(Value) ->
author	Qijiang Fan <[email protected]>	2014-12-30 22:51:33 +0800
committer	Ingela Anderton Andin <[email protected]>	2015-05-12 13:57:25 +0200
commit	1e2569973101aaccdbb0c552948134cb1a58a7fd (patch)
tree	46d6162b97388b78420463e8c95ec1045ab8b1ab /lib/ssl
parent	4fe38c4b8b2c8024afb60990e598ff823743fd54 (diff)
download	otp-1e2569973101aaccdbb0c552948134cb1a58a7fd.tar.gz otp-1e2569973101aaccdbb0c552948134cb1a58a7fd.tar.bz2 otp-1e2569973101aaccdbb0c552948134cb1a58a7fd.zip