nts: support servers specified by IP address

Certificates can include IP addresses as alternative names to enable clients to verify such certificates without knowing the hostname. Accept an IP address as a name in the NTS-NTP client and modify the session code to not set the SNI in this case.
2025-12-06 21:45:07 -05:00 · 2021-01-14 16:31:07 +01:00
parent eb9e6701fd
commit 62389b7e50
2 changed files with 13 additions and 12 deletions
--- a/nts_ke_session.c
+++ b/nts_ke_session.c
@@ -225,9 +225,13 @@ create_tls_session(int server_mode, int sock_fd, const char *server_name,
  }

  if (!server_mode) {
-    r = gnutls_server_name_set(session, GNUTLS_NAME_DNS, server_name, strlen(server_name));
-    if (r < 0)
-      goto error;
+    assert(server_name);
+
+    if (!UTI_IsStringIP(server_name)) {
+      r = gnutls_server_name_set(session, GNUTLS_NAME_DNS, server_name, strlen(server_name));
+      if (r < 0)
+        goto error;
+    }

    flags = 0;