[gnutls-devel] [sr #108689] gnutls_x509_crt_check_hostname() and Internationalized Domain Names
Martin Lambers
INVALID.NOREPLY at gnu.org
Wed Nov 19 12:50:26 CET 2014
URL: <http://savannah.gnu.org/support/?108689>
Summary: gnutls_x509_crt_check_hostname() and Internationalized Domain Names
Project: GnuTLS
Submitted by: marlam
Submitted on: Wed 19 Nov 2014 12:50:24 PM CET
Category: Core library
Priority: 5 - Normal
Severity: 1 - Wish
Status: None
Privacy: Public
Assigned to: None
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Operating System: None
_______________________________________________________
Details:
According to RFC 6125 section 6.4.2, host name checking must be performed on
the ASCII representation of Internationalized Domain Names (IDN).

Therefore, a client program currently must call idna_to_ascii_lz() from libidn
on the host name before passing it to gnutls_x509_crt_check_hostname().

It would be nice if gnutls_x509_crt_check_hostname() did this automatically
instead of using dubious byte-for-byte comparison of non-ASCII characters.

As an alternative, a new GNUTLS_VERIFY_IDN flag could be added and taken into
account by gnutls_x509_crt_check_hostname2().

This would result in easy support for IDN, in a similar way that the
getaddrinfo() function provides easy support for IDN nowadays via the AI_IDN
flag. Client programs would not have to deal with libidn at all in order to
support IDN.

Best regards,
Martin
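
The comparison the message asks for, as an added example (not GnuTLS or libidn code, and not part of the original message): the host name is converted to its ASCII form before it is compared with the certificate's dNSName entries. Python's built-in `idna` codec (IDNA 2003) stands in here for libidn's idna_to_ascii_lz(); the host names, the certificate name list and all function names are constructed for illustration.

```python
# Added example, not GnuTLS code. Python's built-in "idna" codec (IDNA 2003)
# stands in for libidn's idna_to_ascii_lz(); all names below are constructed.

CERT_DNS_NAMES = ["xn--bcher-kva.example", "*.example.org"]  # constructed SAN list


def to_ascii(hostname: str) -> str:
    """Return the lower-cased ASCII (A-label) form; raises UnicodeError if invalid."""
    return hostname.encode("idna").decode("ascii").lower()


def bytewise_match(hostname: str, dns_name: str) -> bool:
    """Byte-for-byte comparison of the raw UTF-8 name, as criticised in the message."""
    return hostname.encode("utf-8") == dns_name.encode("utf-8")


def match_dns_name(hostname: str, dns_name: str) -> bool:
    """Compare the ASCII form of hostname with one certificate dNSName."""
    try:
        host = to_ascii(hostname).split(".")
    except UnicodeError:
        return False  # not convertible: fail closed, no fallback to raw bytes
    pattern = dns_name.lower().split(".")
    if len(host) != len(pattern):
        return False
    if pattern[0] == "*":  # wildcard only as the complete left-most label
        return host[1:] == pattern[1:]
    return host == pattern


def check_hostname(hostname: str, dns_names=CERT_DNS_NAMES) -> bool:
    """True if any certificate name matches the ASCII form of hostname."""
    return any(match_dns_name(hostname, name) for name in dns_names)


if __name__ == "__main__":
    for name in ["b\u00fccher.example",      # precomposed u-umlaut
                 "bu\u0308cher.example",     # u + combining diaeresis, same name
                 "B\u00dcCHER.Example",      # upper case
                 "b\u00fccher.example.org",  # covered by the wildcard entry
                 "b\u00fccher..example"]:    # empty label, rejected
        raw = any(bytewise_match(name, d) for d in CERT_DNS_NAMES)
        print(f"{name!r}: bytewise={raw} ascii={check_hostname(name)}")
```

The precomposed and decomposed spellings differ byte for byte but yield the same ASCII form, so only the converted comparison treats them as the same host.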