[gnutls-devel] GnuTLS | Remove trailing dot from hostname input (!709)

Tim Rühsen gitlab at mg.gitlab.com
Fri Jul 20 12:42:19 CEST 2018

rfc6125 doesn't answer this question. The trailing dot is only relevant when extending a name into a FQDN.   If we compare domains, we assume they are absolute, even when they don't have a trailing dot. (Is this a wrong assumption !?). So we have to ignore the trailing dot when comparing two (fully qualified = absolute) domains. The RFC calls it comparing label-by-label (case insensitive), which is IMO effectively the same.

If we assume that trailing dots are not allowed / not used in certificates nor in the TLS protocol, the best would be to to strip it from user input in the CLI tools and change nothing else.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/709#note_89289232
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20180720/eac21b9d/attachment.html>

More information about the Gnutls-devel mailing list