[gnutls-devel] [sr #108689] gnutls_x509_crt_check_hostname() and Internationalized Domain Names
INVALID.NOREPLY at gnu.org
Wed Nov 19 12:50:26 CET 2014
Summary: gnutls_x509_crt_check_hostname() and
Internationalized Domain Names
Submitted by: marlam
Submitted on: Wed 19 Nov 2014 12:50:24 PM CET
Category: Core library
Priority: 5 - Normal
Severity: 1 - Wish
Assigned to: None
Discussion Lock: Any
Operating System: None
According to RFC 6125 section 6.4.2, host name checking must be performed on
the ASCII representation of Internationalized Domain Names (IDN).
Therefore, a client program currently must call idna_to_ascii_lz() from libidn
on the host name before passing it to gnutls_x509_crt_check_hostname().
It would be nice if gnutls_x509_crt_check_hostname() did this automatically
instead of using dubious byte-for-byte comparison of non-ASCII characters.
As an alternative, a new GNUTLS_VERIFY_IDN flag could be added and taken into
account by gnutls_x509_crt_check_hostname2().
This would result in easy support for IDN, in a similar way that the
getaddrinfo() function provides easy support for IDN nowadays via the AI_IDN
flag. Client programs would not have to deal with libidn at all in order to
Reply to this item at:
Message sent via/by Savannah
More information about the Gnutls-devel