Safely display SNI (just in case)

Thanks to Hubert Kario for pointing this out. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4193)
author: Rich Salz <rsalz@openssl.org> 2017-08-21 15:28:56 -0400
committer: Rich Salz <rsalz@openssl.org> 2017-08-21 15:28:56 -0400
commit: 0d68367a1279a369146661f4857816b2044116b4 (patch)
tree: 55adc3566c104117ceafff5d0913c4ff3ac3e01b
parent: 43f985fdbf4e5c2d5c95a717cc644f000de8bc75 (diff)
download: openssl-0d68367a1279a369146661f4857816b2044116b4.tar.gz
1 files changed, 11 insertions, 3 deletions
diff --git a/apps/s_server.c b/apps/s_server.c
index 0ee5519f96..8883994f8f 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -459,9 +459,17 @@ static int ssl_servername_cb(SSL *s, int *ad, void *arg)
 {
     tlsextctx *p = (tlsextctx *) arg;
     const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
-    if (servername != NULL && p->biodebug != NULL)
-        BIO_printf(p->biodebug, "Hostname in TLS extension: \"%s\"\n",
-                   servername);
+
+    if (servername != NULL && p->biodebug != NULL) {
+        const char *cp = servername;
+        unsigned char uc;
+
+        BIO_printf(p->biodebug, "Hostname in TLS extension: \"");
+        while ((uc = *cp++) != 0)
+            BIO_printf(p->biodebug,
+                       isascii(uc) && isprint(uc) ? "%c" : "\\x%02x", uc);
+        BIO_printf(p->biodebug, "\"\n");
+    }
 
     if (p->servername == NULL)
         return SSL_TLSEXT_ERR_NOACK;
author	Rich Salz <rsalz@openssl.org>	2017-08-21 15:28:56 -0400
committer	Rich Salz <rsalz@openssl.org>	2017-08-21 15:28:56 -0400
commit	0d68367a1279a369146661f4857816b2044116b4 (patch)
tree	55adc3566c104117ceafff5d0913c4ff3ac3e01b
parent	43f985fdbf4e5c2d5c95a717cc644f000de8bc75 (diff)
download	openssl-0d68367a1279a369146661f4857816b2044116b4.tar.gz