* Add validation tests for server_name_indication

Author: lukebakken

deps/rabbitmq_auth_backend_ldap/src/rabbit_auth_backend_ldap_mgmt.erl

@@ -190,8 +190,15 @@ tls_options(BodyMap) when is_map_key(ssl_options, BodyMap) ->
         disable ->
             TlsOpts3;
         SniValue ->
-            SniStr = unicode:characters_to_list(SniValue),
-            [{server_name_indication, SniStr} | TlsOpts3]
+            try
+                SniStr = unicode:characters_to_list(SniValue),
+                [{server_name_indication, SniStr} | TlsOpts3]
+            catch
+                error:badarg ->
+                    throw({bad_request, "invalid server_name_indication: expected string"});
+                error:_ ->
+                    throw({bad_request, "invalid server_name_indication: expected string"})
+            end
     end,
     TlsOpts5 = case maps:get(<<"depth">>, SslOptionsMap, undefined) of
         undefined ->

deps/rabbitmq_auth_backend_ldap/test/system_SUITE.erl

@@ -602,6 +602,34 @@ validate_ldap_configuration_via_api(Config) ->
                 'cacertfile' => CaCertfile
             }
         }, ?BAD_REQUEST),
+
+    %% Invalid server_name_indication - integer instead of string
+    http_put(Config, "/ldap/validate/simple-bind",
+        #{
+            'user_dn' => AliceUserDN,
+            'password' => Password,
+            'servers' => ["localhost"],
+            'port' => LdapTlsPort,
+            'use_ssl' => true,
+            'ssl_options' => #{
+                'server_name_indication' => 123,
+                'cacertfile' => CaCertfile
+            }
+        }, ?BAD_REQUEST),
+
+    %% Invalid server_name_indication - boolean instead of string
+    http_put(Config, "/ldap/validate/simple-bind",
+        #{
+            'user_dn' => AliceUserDN,
+            'password' => Password,
+            'servers' => ["localhost"],
+            'port' => LdapTlsPort,
+            'use_ssl' => true,
+            'ssl_options' => #{
+                'server_name_indication' => true,
+                'cacertfile' => CaCertfile
+            }
+        }, ?BAD_REQUEST),
     http_put(Config, "/ldap/validate/simple-bind",
         #{
             'user_dn' => AliceUserDN,