THRIFT-5343: TTlsSocketTransport does not resolve IPv4 addresses or validate hostnames correctly
Client: netstd
Patch: James Lacey
This closes #2322
diff --git a/lib/netstd/Thrift/Transport/Client/TTlsSocketTransport.cs b/lib/netstd/Thrift/Transport/Client/TTlsSocketTransport.cs
index 0980526..e3da6f4 100644
--- a/lib/netstd/Thrift/Transport/Client/TTlsSocketTransport.cs
+++ b/lib/netstd/Thrift/Transport/Client/TTlsSocketTransport.cs
@@ -38,6 +38,7 @@
private readonly LocalCertificateSelectionCallback _localCertificateSelectionCallback;
private readonly int _port;
private readonly SslProtocols _sslProtocols;
+ private readonly string _targetHost;
private TcpClient _client;
private SslStream _secureStream;
private int _timeout;
@@ -122,13 +123,13 @@
{
try
{
+ _targetHost = host;
+
var entry = Dns.GetHostEntry(host);
if (entry.AddressList.Length == 0)
throw new TTransportException(TTransportException.ExceptionType.Unknown, "unable to resolve host name");
- var addr = entry.AddressList[0];
-
- _host = new IPAddress(addr.GetAddressBytes(), addr.ScopeId);
+ _host = entry.AddressList[0];
_port = port;
_timeout = timeout;
_certificate = certificate;
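Review bot: `host` is stored in `_targetHost` and passed to `Dns.GetHostEntry` without a null or empty check. `Dns.GetHostEntry` is documented to return the local machine's addresses for an empty string, so a blank configuration value would connect to the local host. It would also leave `_targetHost` as `""`, which the later `_targetHost ?? _host.ToString()` does not replace, so the TLS handshake would receive an empty target name. I would add a guard before the assignment, for example `if (string.IsNullOrEmpty(host)) throw new TTransportException(TTransportException.ExceptionType.Unknown, "host name must not be empty");`. The enclosing `try` and its `catch` lie outside this hunk, so check how that exception would be rewrapped there.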
@@ -239,7 +240,7 @@
? new X509CertificateCollection {_certificate}
: new X509CertificateCollection();
- var targetHost = _host.ToString();
+ var targetHost = _targetHost ?? _host.ToString();
await _secureStream.AuthenticateAsClientAsync(targetHost, certs, _sslProtocols, true);
}
}
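Review bot: The fallback `_targetHost ?? _host.ToString()` deserves a comment, because it changes which name the server certificate is validated against. `_targetHost` is assigned only in the string-host constructor shown above. Any constructor that takes an address (not visible in this diff) presumably leaves it null, so the peer is checked against the IP literal and the certificate must carry a matching IP subjectAltName entry. Something like `// No host name was supplied: the certificate is matched against the IP literal, so it must list that address as a subjectAltName.` above the assignment would make that explicit. The enclosing method starts outside the hunk.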