looking for terminology recommendations concerning non-rooted FQDNs
Brian Reichert
reichert at numachi.com
Mon Feb 25 14:30:34 UTC 2013
On Sun, Feb 24, 2013 at 12:10:20AM +1100, Mark Andrews wrote:
> > When I did my initial development with OpenSSL, I observed:
> >
> > - If I did not have the rooted domain name in the SAN, then any SSL
> > client stack would fail the verification if a rooted domain name
> > was used to connect to the SSL server.
>
> Well you have a broken SSL client app. If it is accepting non legal
> hostnames it should be normalising them before passing them to the ssl
> layer.
From what little research I've done (only OpenSSL), the SSL client
is relying on getaddrinfo(3) to do name resolution. In turn, I
haven't found an implementation of getaddrinfo(3) that rejects
rooted domain names as non-legal.
Looking for counter-examples...
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
--
Brian Reichert <reichert at numachi.com>
BSD admin/developer at large
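
The normalisation step suggested in the quoted reply, as an added example that is not part of the original thread or of OpenSSL: a rooted name is reduced to its non-rooted form before it is compared with the certificate's SAN dNSName entries. The function names and the SAN values are assumptions constructed for illustration, and the left-most-label wildcard handling goes beyond the case discussed in the thread.

```python
# Added illustration: names below are hypothetical, SAN values are constructed.
CONSTRUCTED_SANS = ["www.example.com", "*.svc.example.com"]


def normalise_host(name: str) -> str:
    """Turn a user-supplied name into the identity used for certificate checks."""
    host = name.strip().lower()
    if host.endswith("."):
        host = host[:-1]  # drop the one trailing dot that marks a rooted name
    if not host or host.startswith(".") or host.endswith(".") or ".." in host:
        raise ValueError(f"not a usable hostname: {name!r}")
    return host


def san_matches(reference: str, san_dns_names: list[str]) -> bool:
    """Label-by-label comparison; '*' is honoured only as the whole left-most label."""
    ref = reference.lower().split(".")
    for san in san_dns_names:
        labels = san.lower().split(".")
        if len(labels) != len(ref):
            continue  # a rooted reference has an extra empty label, so it lands here
        if labels[0] == "*" and len(labels) >= 3:
            if labels[1:] == ref[1:] and ref[0]:
                return True
        elif labels == ref:
            return True
    return False


def verify_name(typed: str, san_dns_names: list[str]) -> bool:
    """Normalise first, then compare: the order the quoted reply recommends."""
    return san_matches(normalise_host(typed), san_dns_names)


if __name__ == "__main__":
    for typed in ("www.example.com", "www.example.com.", "API.svc.example.com."):
        raw = san_matches(typed, CONSTRUCTED_SANS)
        print(f"{typed!r}: raw compare={raw}, normalised={verify_name(typed, CONSTRUCTED_SANS)}")
```

The name as typed can still be handed to the resolver, since the post notes that getaddrinfo(3) accepts the rooted form; only the identity used for certificate verification is normalised.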