[gnutls-devel] GnuTLS | server_name: synchronize server name send/receive (remove dns check) (!1838)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Sat May 18 22:35:09 CEST 2024



Elliott Mitchell created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1838

Project:Branches: ehem/gnutls:master to gnutls/gnutls:master
Author:   Elliott Mitchell




The result of doing rough checking of DNS validity on receive is that it makes the library conservative on reception, liberal on send. This is the exact opposite of the need of interoperability. Further, while IPv6 addresses were being rejected by the rough test, IPv4 addresses were being accepted. This can enhance shadow networks and increase trouble, rather than reducing it.

I suspect most server programs using GnuTLS can likely deal with more or less arbitrary names. As such, rejecting NUL characters is about the only reasonable test. I believe this means the existing tests continue to behave.

I'm quite unsure of how the situation should be handled, but the mismatch between IPv4/IPv6 addresses and the checking on reception but not on send are both **highly** problematic.

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1838
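
The IPv4/IPv6 mismatch described in the message above, as an added example (not part of the original message and not GnuTLS code). `rough_dns_check` is an assumed model of a rough DNS-character test, `nul_only_check` is the NUL-only test the message proposes, and all helper names and sample values are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Assumed model of a "rough" DNS-name test: ASCII letters, digits, '-' and
 * '.' only. Hypothetical helper for illustration, not GnuTLS source. */
static int rough_dns_check(const char *name, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
              (c >= '0' && c <= '9') || c == '-' || c == '.'))
            return 0;
    }
    return 1;
}

/* NUL-only test: the name is length-delimited on the wire, so an embedded
 * NUL would truncate it for any caller that treats it as a C string. */
static int nul_only_check(const char *name, size_t len)
{
    return memchr(name, '\0', len) == NULL;
}

struct sample { const char *label; const char *data; size_t len; };
#define S(label, lit) { label, lit, sizeof(lit) - 1 }

int main(void)
{
    /* Constructed sample names (documentation ranges, not real hosts). */
    static const struct sample samples[] = {
        S("hostname", "www.example.com"),
        S("IPv4 literal", "192.0.2.1"),
        S("IPv6 literal", "2001:db8::1"),
        S("embedded NUL", "a.example\0.b.example"),
    };
    printf("%-14s %-6s %-8s\n", "sample", "rough", "NUL-only");
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        const struct sample *s = &samples[i];
        printf("%-14s %-6s %-8s\n", s->label,
               rough_dns_check(s->data, s->len) ? "accept" : "reject",
               nul_only_check(s->data, s->len) ? "accept" : "reject");
    }
    return 0;
}
```

Under this model the character test lets the IPv4 literal through because it consists only of digits and dots, while the colons in the IPv6 literal fail it; the NUL-only test treats both address forms the same way.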