[gnutls-devel] GnuTLS | gnutls_x509_crt_check_hostname does not handle trailing dots (#1548)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Tue Aug 27 10:24:20 CEST 2024
Daniel Stenberg commented: https://gitlab.com/gnutls/gnutls/-/issues/1548#note_2076883081
It will make GnuTLS stand out among TLS libraries to not be able to verify hostnames in certificates if they have a trailing dot. Hostnames in URLs are known to sometimes have trailing dots and they do make a difference to both HTTP servers and name resolvers.
But since SNI was defined to not have trailing dots, there is always some breakage involved.
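The trailing-dot handling discussed in the comment above, as an added example that is not part of the original message and is not GnuTLS code: a client derives a dot-free name for SNI and certificate comparison, while the original string stays available for name resolution and the HTTP Host header. The function names `tls_name` and `name_matches` are hypothetical, the matcher is a simplified stand-in for a full certificate name check, and the host names are constructed samples.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Copy `host` into `out` without one trailing dot: the form used for SNI and
 * for comparison against certificate names. Returns 0 on success, -1 if the
 * name is empty, is only ".", still ends in a dot, or does not fit. */
int tls_name(const char *host, char *out, size_t outlen)
{
    size_t n = strlen(host);
    if (n > 0 && host[n - 1] == '.')
        n--;                          /* strip exactly one trailing dot */
    if (n == 0 || n >= outlen || host[n - 1] == '.')
        return -1;                    /* "", ".", "a..", or too long */
    memcpy(out, host, n);
    out[n] = '\0';
    return 0;
}

static int eq_nocase(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;                  /* both strings must end together */
}

/* Hypothetical matcher (assumption, simplified): case-insensitive compare,
 * a "*." prefix in cert_name matches exactly one left-most label. */
int name_matches(const char *cert_name, const char *url_host)
{
    char host[256];
    if (tls_name(url_host, host, sizeof host) != 0)
        return 0;
    if (strncmp(cert_name, "*.", 2) == 0) {
        const char *rest = strchr(host, '.');
        /* need a non-empty first label and an identical remainder */
        return rest != NULL && rest != host && eq_nocase(rest, cert_name + 1);
    }
    return eq_nocase(cert_name, host);
}

int main(void)
{
    /* Constructed sample names, not taken from the issue. */
    const char *hosts[] = { "example.com.", "www.example.com.", "example.com.." };
    for (size_t i = 0; i < 3; i++)
        printf("%-18s exact=%d wildcard=%d\n", hosts[i],
               name_matches("example.com", hosts[i]),
               name_matches("*.example.com", hosts[i]));
    return 0;
}
```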