Force SNI to be the --xmpphost if passed

horazont · horazont · commit 769837bdaf8a · 2020-10-15T21:54:38.000+02:00
XMPP can be used with SNI in two contexts: - Standard RFC 6120 STARTTLS-based connections; in that case, SNI is most likely to be ignored, as XMPP uses another way to signal the target domain name (via the @to attribute on the stream header, which is already set correctly by testssl.sh). However, setting SNI to a different value than the @to attribute may lead to confusion. - XEP-0368 (XMPP-over-TLS) connections which omit the STARTTLS phase and go right for TLS (and inside that, XMPP). In that case, SNI is obviously required to be correct. XEP-0368 specifies that the SNI name MUST be the domain name of the service (not necessarily the host name of the endpoint, thanks to SRV records). Hence, this patch forces the SNI name to be the --xmpphost value, if --xmpphost is given. Note that it blatantly ignores whether XMPP is used otherwise.
diff --git a/testssl.sh b/testssl.sh
@@ -4522,10 +4522,11 @@ modify_clienthello() {
                # the SNI extension or replace it with the correct server name.
                sni_extension_found=true
                if [[ -n "$SNI" ]]; then
+                    servername=${XMPP_HOST:-${NODE}}
                     # Create a server name extension that corresponds to $SNI
-                    len_servername=${#NODE}
+                    len_servername=${#servername}
                     hexdump_format_str="$len_servername/1 \"%02x\""
-                    servername_hexstr=$(printf $NODE | hexdump -v -e "${hexdump_format_str}")
+                    servername_hexstr=$(printf $servername | hexdump -v -e "${hexdump_format_str}")
                     # convert lengths we need to fill in from dec to hex:
                     len_servername_hex=$(printf "%02x\n" $len_servername)
                     len_sni_listlen=$(printf "%02x\n" $((len_servername+3)))
@@ -14514,9 +14515,10 @@ prepare_tls_clienthello() {
                #00       # server_name type (hostname)
                #00 15    # server_name length
                #66 66 66 66 66 66 2e 66 66 66 66 66 66 66 66 66 66 2e 66 66 66  target.mydomain1.tld # server_name target
-               len_servername=${#NODE}
+               servername=${XMPP_HOST:-${NODE}}
+               len_servername=${#servername}
                hexdump_format_str="$len_servername/1 \"%02x,\""
-               servername_hexstr=$(printf $NODE | hexdump -v -e "${hexdump_format_str}" | sed 's/,$//')
+               servername_hexstr=$(printf $servername | hexdump -v -e "${hexdump_format_str}" | sed 's/,$//')
                # convert lengths we need to fill in from dec to hex:
                len_servername_hex=$(printf "%02x\n" $len_servername)
                len_sni_listlen=$(printf "%02x\n" $((len_servername+3)))
@@ -19710,7 +19712,12 @@ parse_hn_port() {
      fi
 
      debugme echo $NODE:$PORT
-     SNI="-servername $NODE"
+     if [[ -n "$XMPP_HOST" ]]; then
+          # XMPP host is set, force SNI to be that
+          SNI="-servername $XMPP_HOST"
+     else
+          SNI="-servername $NODE"
+     fi
      URL_PATH=$(sed 's/https:\/\///' <<< "$1" | sed 's/'"${NODE}"'//' | sed 's/.*'"${PORT}"'//')      # remove protocol and node part and port
      URL_PATH=$(sed 's/\/\//\//g' <<< "$URL_PATH")          # we rather want // -> /
      URL_PATH=${URL_PATH%%.}                                # strip trailing "." so that it is not interpreted as URL
