Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use case-insensitive comparison when validating cert domain name #175

Merged
merged 1 commit into from
May 15, 2024
Merged

Use case-insensitive comparison when validating cert domain name #175

merged 1 commit into from
May 15, 2024

Conversation

baarde
Copy link
Contributor

@baarde baarde commented May 14, 2024

This PR fixes #174.

Lukasa
Lukasa requested changes May 15, 2024
View reviewed changes
Copy link
Contributor

@Lukasa Lukasa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this, and great catch! The callout is correct, but the citation is wrong. We're implementing the algorithm from RFC 6125, and § 6.4.1 is normative:

If the DNS domain name portion of a reference identifier is a
"traditional domain name", then matching of the reference identifier
against the presented identifier is performed by comparing the set of
domain name labels using a case-insensitive ASCII comparison

One minor style nit but otherwise this looks great.

Sources/X509/Verifier/ServerIdentityPolicy.swift Outdated Show resolved Hide resolved
@Lukasa
Copy link
Contributor

Lukasa commented May 15, 2024

@swift-server-bot test this please

@Lukasa
Copy link
Contributor

Lukasa commented May 15, 2024

Also another fix:

Sources/X509/Verifier/ServerIdentityPolicy.swift:403:1: warning: [TrailingWhitespace] remove trailing whitespace

@baarde baarde requested a review from Lukasa May 15, 2024 09:31
@Lukasa Lukasa added the 🔨 semver/patch No public API change. label May 15, 2024
Lukasa
Lukasa approved these changes May 15, 2024
View reviewed changes
Copy link
Contributor

@Lukasa Lukasa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Beautiful, this is a great patch, thanks.

@Lukasa
Copy link
Contributor

Lukasa commented May 15, 2024

@swift-server-bot test this please

@Lukasa Lukasa enabled auto-merge (squash) May 15, 2024 20:48
@Lukasa Lukasa merged commit 6f2dc4a into apple:main May 15, 2024
5 of 6 checks passed
@baarde baarde deleted the case-insensitive-domain-name branch May 16, 2024 09:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Lukasa Lukasa Lukasa approved these changes

Assignees
No one assigned
Labels
🔨 semver/patch No public API change.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Case-insensitive identity verification
2 participants
@baarde @Lukasa