[gnutls-devel] GnuTLS | server_name: synchronize server name send/receive (remove dns check) (!1838)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Wed Jun 5 05:57:33 CEST 2024
Elliott Mitchell commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1838#note_1936198981


This _does_ decrease complexity by removing the extra check.  Nothing about this necessarily reduces enforcement of RFC-compliance.

If a server does make use of SNI, then it will have some sort of table implementation.  Enforcing RFC-compliance simply means the table needs to omit things which violate the RFC.  Handling violations as simply no match seems simplest.

My thought is ensuring the string doesn't contain an embedded NUL character is appropriate protection for most server programs.  Going much further risks making the implementation brittle and reducing potentially valuable functionality.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1838#note_1936198981
You're receiving this email because of your account on gitlab.com.
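A server-side SNI lookup in the shape the comment sketches, as an added example (not GnuTLS code and not the MR's change): the name is handled as length-delimited bytes straight from the ClientHello, an embedded NUL or other RFC 6066 violation (empty, over 255 bytes, non-ASCII, trailing dot) is simply "no match", and only then is the table consulted. The `VHOSTS` table and the `sni_lookup` name are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <ctype.h>

/* Constructed virtual-host table, standing in for a server's configuration. */
static const char *const VHOSTS[] = {
    "example.com", "www.example.com", "mail.example.com"
};
#define VHOST_COUNT (sizeof(VHOSTS) / sizeof(VHOSTS[0]))

/* Case-insensitive comparison of a raw, length-delimited SNI byte string
 * against a configured host name (DNS names compare case-insensitively). */
static int sni_equals(const uint8_t *name, size_t len, const char *host)
{
    if (strlen(host) != len)
        return 0;
    for (size_t i = 0; i < len; i++)
        if (tolower(name[i]) != tolower((unsigned char)host[i]))
            return 0;
    return 1;
}

/* Look up the host_name exactly as received. Returns the index into VHOSTS,
 * or -1 for "no match". Names that violate RFC 6066 (empty, longer than the
 * 255-byte DNS limit, containing NUL/control/non-ASCII bytes, or ending in
 * a dot) are treated as no match rather than as a protocol error, so the
 * table never has to hold anything a str*() function could mis-handle. */
int sni_lookup(const uint8_t *name, size_t len)
{
    if (name == NULL || len == 0 || len > 255)
        return -1;
    for (size_t i = 0; i < len; i++) {
        /* An embedded NUL would silently truncate the name the moment it is
         * passed to a C-string API, so it is rejected before any lookup. */
        if (name[i] == 0 || name[i] < 0x21 || name[i] >= 0x7f)
            return -1;
    }
    if (name[len - 1] == '.')
        return -1;
    for (size_t i = 0; i < VHOST_COUNT; i++)
        if (sni_equals(name, len, VHOSTS[i]))
            return (int)i;
    return -1;
}
```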

