From 4ee843b0206cd611cefb3dd8c61ecb73f23be101 Mon Sep 17 00:00:00 2001 From: Bouke van der Bijl Date: Thu, 9 Oct 2025 15:09:04 +0200 Subject: [PATCH] transport: handle ipv6 endpoints when tls is enabled Fixes #2422 --- tonic/src/transport/channel/tls.rs | 46 +++++++++++++++++++++++++++++- 1 file changed, 45 insertions(+), 1 deletion(-) diff --git a/tonic/src/transport/channel/tls.rs b/tonic/src/transport/channel/tls.rs index 794ec1f9d..ad810d468 100644 --- a/tonic/src/transport/channel/tls.rs +++ b/tonic/src/transport/channel/tls.rs @@ -136,7 +136,15 @@ impl ClientTlsConfig { pub(crate) fn into_tls_connector(self, uri: &Uri) -> Result { let domain = match &self.domain { Some(domain) => domain, - None => uri.host().ok_or_else(Error::new_invalid_uri)?, + None => { + let host = uri.host().ok_or_else(Error::new_invalid_uri)?; + // host() returns the host including brackets if it's an IPv6 address + if host.starts_with('[') && host.ends_with(']') { + &host[1..host.len() - 1] + } else { + host + } + } }; TlsConnector::new( self.certs, @@ -153,3 +161,39 @@ impl ClientTlsConfig { ) } } + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_into_tls_connector_with_ipv4() { + let config = ClientTlsConfig::new(); + let uri = "https://192.168.1.1:443".parse::().unwrap(); + config.into_tls_connector(&uri).unwrap(); + } + + #[test] + fn test_into_tls_connector_with_ipv6_() { + let config = ClientTlsConfig::new(); + let uri = "https://[::1]:443".parse::().unwrap(); + + config.into_tls_connector(&uri).unwrap(); + } + + #[test] + fn test_into_tls_connector_with_domain_name() { + let config = ClientTlsConfig::new(); + let uri = "https://example.com:443".parse::().unwrap(); + + config.into_tls_connector(&uri).unwrap(); + } + + #[test] + fn test_into_tls_connector_with_explicit_domain() { + let config = ClientTlsConfig::new().domain_name("example.com"); + let uri = "https://[2001:db8::1]:443".parse::().unwrap(); + + config.into_tls_connector(&uri).unwrap(); + } +}