[gnutls-devel] GnuTLS | gnutls_x509_crt_check_hostname does not handle trailing dots (#1548)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Tue Aug 27 10:18:02 CEST 2024




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1548#note_2076870468


I don't have a strong opinion, but I'm leaning toward fixing this as a documentation issue, i.e., clearly state that trailing dots are not allowed. 

The only references I could find are:

- RFC 9525 section 6.3 [says](https://www.rfc-editor.org/rfc/rfc9525#section-6.3) "If the DNS domain name portion of a reference identifier is not an internationalized domain name (i.e., an FQDN that conforms to "preferred name syntax" as described in Section 3.5 of [DNS-CONCEPTS](https://www.rfc-editor.org/rfc/rfc9525#RFC1034)), ..."
- The referred section 3.5 of RFC 1034 doesn't allow trailing dots

On the other hand, section 6.1.4.3 of RFC 1123 [mentions](https://www.rfc-editor.org/rfc/rfc1123#page-82) a facility that allows users to indicate the input name is complete with a trailing dot. IMO such a facility could be better implemented in the application, rather than the library function.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1548#note_2076870468
You're receiving this email because of your account on gitlab.com.
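As an added illustration of the application-side approach the comment above argues for (this is example code, not GnuTLS code and not part of the original thread): the application strips exactly one trailing dot from the user-supplied name, rejects names that are still malformed under the RFC 1034 section 3.5 preferred name syntax, and only then compares the result against the dNSName values it would otherwise hand to `gnutls_x509_crt_check_hostname()`. The matching rule here (case-insensitive exact match, or a left-most `*.` label covering exactly one label) is a simplified stand-in for the library's own checks, and the function names and sample names are assumptions made for this example.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp (POSIX) */

#define MAX_HOSTNAME 253

/* Strip at most one trailing dot (the RFC 1123 6.1.4.3 "name is complete"
 * marker) and lower-case the name into out.  Returns false when the result
 * would be empty ("" or "."), still ends in a dot ("foo.."), or does not
 * fit the output buffer / the 253-octet hostname limit. */
bool normalize_reference_identifier(const char *in, char *out, size_t outlen)
{
    size_t len = strlen(in);
    if (len > 0 && in[len - 1] == '.')
        len--;                          /* drop exactly one trailing dot */
    if (len == 0 || len > MAX_HOSTNAME || len >= outlen)
        return false;
    if (in[len - 1] == '.')             /* "foo.." or "." is not a hostname */
        return false;
    for (size_t i = 0; i < len; i++)
        out[i] = (char)tolower((unsigned char)in[i]);
    out[len] = '\0';
    return true;
}

/* RFC 1034 3.5 preferred name syntax (with the RFC 1123 relaxation that a
 * label may start with a digit): labels of 1..63 characters drawn from
 * letters, digits and hyphen, no leading or trailing hyphen, single dots
 * between labels, no trailing dot. */
bool is_preferred_name_syntax(const char *name)
{
    size_t label_len = 0;
    for (const char *p = name; ; p++) {
        char c = *p;
        if (c == '.' || c == '\0') {
            if (label_len == 0 || label_len > 63)
                return false;           /* empty label ("a..b", leading dot) or too long */
            if (p[-1] == '-')
                return false;           /* label must not end in a hyphen */
            if (c == '\0')
                return true;
            label_len = 0;
            continue;
        }
        if (!(isalnum((unsigned char)c) || c == '-'))
            return false;
        if (label_len == 0 && c == '-')
            return false;               /* label must not start with a hyphen */
        label_len++;
    }
}

/* Simplified dNSName comparison: exact case-insensitive match, or a
 * left-most "*." wildcard that covers exactly one label. */
bool dnsname_matches(const char *reference, const char *presented)
{
    if (strncmp(presented, "*.", 2) == 0) {
        const char *dot = strchr(reference, '.');
        if (dot == NULL)
            return false;               /* nothing for the wildcard to cover */
        return strcasecmp(dot + 1, presented + 2) == 0;
    }
    return strcasecmp(reference, presented) == 0;
}

/* The application-side facility: accept a user name with or without a
 * trailing dot, normalize and validate it, then compare it with one
 * presented dNSName. */
bool hostname_matches(const char *user_name, const char *presented)
{
    char ref[MAX_HOSTNAME + 1];
    if (!normalize_reference_identifier(user_name, ref, sizeof ref))
        return false;
    if (!is_preferred_name_syntax(ref))
        return false;
    return dnsname_matches(ref, presented);
}

int main(void)
{
    /* Constructed sample inputs; the SAN values are invented for this example. */
    static const char *const san[] = { "www.example.com", "*.example.net" };
    static const char *const inputs[] = {
        "www.example.com", "www.example.com.", "WWW.EXAMPLE.COM.",
        "www.example.com..", "a.example.net.", "b.a.example.net", "."
    };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        bool ok = false;
        for (size_t j = 0; j < sizeof san / sizeof san[0]; j++)
            ok = ok || hostname_matches(inputs[i], san[j]);
        printf("%-20s -> %s\n", inputs[i], ok ? "match" : "no match");
    }
    return 0;
}
```

Only one trailing dot is removed on purpose: a name like `www.example.com..` is rejected rather than silently repaired, so the normalization cannot be used to smuggle an otherwise invalid reference identifier past the syntax check.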

