[gnutls-devel] GnuTLS | Remove trailing dot from hostname input (!709)

[Tim Rühsen]

rfc6125 doesn't answer this question. The trailing dot is only relevant when extending a name into a FQDN.   If we compare domains, we assume they are absolute, even when they don't have a trailing dot. (Is this a wrong assumption !?). So we have to ignore the trailing dot when comparing two (fully qualified = absolute) domains. The RFC calls it comparing label-by-label (case insensitive), which is IMO effectively the same.

If we assume that trailing dots are not allowed / not used in certificates nor in the TLS protocol, the best would be to to strip it from user input in the CLI tools and change nothing else.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/709#note_89289232
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20180720/eac21b9d/attachment.html>