_gnutls_hostname_compare: toupper vs. c_toupper

Simon Josefsson simon at josefsson.org
Fri May 20 22:48:04 CEST 2011

Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:

> On 05/03/2011 10:53 PM, Kalle Olavi Niemitalo wrote:
>> In GnuTLS 2.8.6 and 2.10.5, _gnutls_hostname_compare uses toupper
>> on the characters of the hostname:
>>   /* find the first different character */
>>   for (; *certname && *hostname && toupper (*certname) == toupper (*hostname);
>>        certname++, hostname++, certnamesize--)
>>     ;
>> I suspect this should be c_toupper instead, so that 'i' matches
>> 'I' in hostnames even in a Turkish (or is that Turkic?) locale.
> You're right. This however makes it apparent that
> gnutls_x509_crt_check_hostname() does not really support
> internationalized DNS names...

I think that is intentional -- it is IDN unaware domain name slot, and
hence should only contain a ASCII domain.


More information about the Gnutls-devel mailing list