Validate server hostname for TLS SNI Checks that the hostname: - Is not empty - Does not start with a dot - Is not an IP address (SNI requires DNS names) - Does not contain null bytes - Does not exceed 253 characters (DNS limit) Returns Ok(()) if validation passes, or an appropriate error.
(hostname: &str, vm: &VirtualMachine)
| 349 | /// |
| 350 | /// Returns Ok(()) if validation passes, or an appropriate error. |
| 351 | fn validate_hostname(hostname: &str, vm: &VirtualMachine) -> PyResult<()> { |
| 352 | if hostname.is_empty() { |
| 353 | return Err(vm.new_value_error("server_hostname cannot be an empty string")); |
| 354 | } |
| 355 | |
| 356 | if hostname.starts_with('.') { |
| 357 | return Err(vm.new_value_error("server_hostname cannot start with a dot")); |
| 358 | } |
| 359 | |
| 360 | // IP addresses are allowed as server_hostname |
| 361 | // SNI will not be sent for IP addresses |
| 362 | |
| 363 | if hostname.contains('\0') { |
| 364 | return Err(vm.new_type_error("embedded null character")); |
| 365 | } |
| 366 | |
| 367 | if hostname.len() > 253 { |
| 368 | return Err(vm.new_value_error("server_hostname is too long (maximum 253 characters)")); |
| 369 | } |
| 370 | |
| 371 | Ok(()) |
| 372 | } |
| 373 | |
| 374 | // SNI certificate resolver that uses shared mutable state |
| 375 | // The Python SNI callback updates this state, and resolve() reads from it |
no test coverage detected