Add isc_tls_valid_sni_hostname()

Add a function that checks if a 'hostname' is not a valid IPv4 or IPv6 address. Returns 'true' if the hostname is likely a domain name, and 'false' if it represents an IP address. (cherry picked from commit 1f199ee606)
2026-04-24 07:41:10 -04:00 · 2025-03-28 09:20:16 +02:00 · 2025-03-28 09:20:16 +02:00 · 634625be07
commit 634625be07
parent d05f4b4b9b
2 changed files with 31 additions and 0 deletions
--- a/lib/isc/include/isc/tls.h
+++ b/lib/isc/include/isc/tls.h
@ -607,6 +607,14 @@ isc_tlsctx_set_random_session_id_context(isc_tlsctx_t *ctx);
 *\li   'ctx' - a valid non-NULL pointer;
 */

+bool
+isc_tls_valid_sni_hostname(const char *hostname);
+/*%<
+ * Checks if a 'hostname' is not a valid IPv4 or IPv6 address
+ * string. Returns 'true' if the hostname is likely a domain name, and
+ * 'false' if it represents an IP address.
+ */
+
 void
 isc__tls_initialize(void);

--- a/lib/isc/tls.c
+++ b/lib/isc/tls.c
@ -1807,3 +1807,26 @@ isc_tlsctx_set_random_session_id_context(isc_tlsctx_t *ctx) {
 	RUNTIME_CHECK(
 		SSL_CTX_set_session_id_context(ctx, session_id_ctx, len) == 1);
 }
+
+bool
+isc_tls_valid_sni_hostname(const char *hostname) {
+	struct sockaddr_in sa_v4 = { 0 };
+	struct sockaddr_in6 sa_v6 = { 0 };
+	int ret = 0;
+
+	if (hostname == NULL) {
+		return false;
+	}
+
+	ret = inet_pton(AF_INET, hostname, &sa_v4.sin_addr);
+	if (ret == 1) {
+		return false;
+	}
+
+	ret = inet_pton(AF_INET6, hostname, &sa_v6.sin6_addr);
+	if (ret == 1) {
+		return false;
+	}
+
+	return true;
+}