[gnutls-devel] GnuTLS | gnutls_x509_crt_check_hostname does not handle trailing dots (#1548)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Mon Apr 22 13:44:07 CEST 2024



Daniel Stenberg created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1548



The documentation for this function says it takes "a DNS name" as input. A DNS name can have a trailing dot. An SNI name cannot have a trailing dot.

TLS-wise, there is no difference between the two names but for DNS there is a difference. It seems GnuTLS wants the SNI name provided (without a trailing dot) as it seems to fail the verification if the trailing dot is provided in the name passed in the hostname argument.

Maybe you could clarify if the passed-in name can keep trailing dots or not? It seems we should pass in the name without it.

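As an added example that is not part of the original report or of GnuTLS: one way a caller could normalize a DNS name before using it as the SNI name and as the hostname argument of `gnutls_x509_crt_check_hostname`, assuming the behaviour described in the issue. `normalize_tls_hostname` is a hypothetical helper name and the inputs in `main` are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a GnuTLS API). Copies `name` into `out` without
 * a single trailing dot (the DNS root label). Per the issue above, this is
 * the form to pass as the hostname argument and to use for SNI.
 * Returns 0 on success, -1 if the name is empty, is only ".", ends in more
 * than one dot (an empty label), or does not fit in `out`. */
int normalize_tls_hostname(const char *name, char *out, size_t outlen)
{
    size_t len;

    if (name == NULL || out == NULL || outlen == 0)
        return -1;

    len = strlen(name);
    if (len > 0 && name[len - 1] == '.')
        len--;                    /* drop exactly one trailing dot */

    if (len == 0)                 /* "" or ".": nothing left to verify */
        return -1;
    if (name[len - 1] == '.')     /* "example.com..": empty label, reject */
        return -1;
    if (len >= outlen)            /* need room for the terminating NUL */
        return -1;

    memcpy(out, name, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "example.com.", "example.com", ".", "example.com.." };
    char host[256];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (normalize_tls_hostname(samples[i], host, sizeof host) == 0)
            printf("%-16s -> verify against \"%s\"\n", samples[i], host);
        else
            printf("%-16s -> rejected\n", samples[i]);
    }
    return 0;
}
```

Rejecting malformed names instead of silently trimming them keeps the certificate check from running against a name the resolver would never have accepted.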

