Add isc_tls_valid_sni_hostname()

Add a function that checks if a 'hostname' is not a valid IPv4 or IPv6 address. Returns 'true' if the hostname is likely a domain name, and 'false' if it represents an IP address.
2026-05-28 04:34:54 -04:00 · 2025-03-28 09:20:16 +02:00 · 2025-03-28 09:20:16 +02:00 · 1f199ee606
commit 1f199ee606
parent f090709ec3
2 changed files with 31 additions and 0 deletions
--- a/lib/isc/include/isc/tls.h
+++ b/lib/isc/include/isc/tls.h
@ -608,6 +608,14 @@ isc_tlsctx_set_random_session_id_context(isc_tlsctx_t *ctx);
 *\li   'ctx' - a valid non-NULL pointer;
 */

+bool
+isc_tls_valid_sni_hostname(const char *hostname);
+/*%<
+ * Checks if a 'hostname' is not a valid IPv4 or IPv6 address
+ * string. Returns 'true' if the hostname is likely a domain name, and
+ * 'false' if it represents an IP address.
+ */
+
 #define isc_tlserr2result(category, module, funcname, fallback)            \
 	isc__tlserr2result(category, module, funcname, fallback, __FILE__, \
 			   __LINE__)
--- a/lib/isc/tls.c
+++ b/lib/isc/tls.c
@ -1528,6 +1528,29 @@ isc_tlsctx_set_random_session_id_context(isc_tlsctx_t *ctx) {
 		SSL_CTX_set_session_id_context(ctx, session_id_ctx, len) == 1);
 }

+bool
+isc_tls_valid_sni_hostname(const char *hostname) {
+	struct sockaddr_in sa_v4 = { 0 };
+	struct sockaddr_in6 sa_v6 = { 0 };
+	int ret = 0;
+
+	if (hostname == NULL) {
+		return false;
+	}
+
+	ret = inet_pton(AF_INET, hostname, &sa_v4.sin_addr);
+	if (ret == 1) {
+		return false;
+	}
+
+	ret = inet_pton(AF_INET6, hostname, &sa_v6.sin6_addr);
+	if (ret == 1) {
+		return false;
+	}
+
+	return true;
+}
+
 static isc_result_t
 isc__tls_toresult(isc_result_t fallback) {
 	isc_result_t result = fallback;