Tonight, I spent a few hours implementing RFC5952: https://github.com/colmmacc/s2n/commit/4e7d2424b059b1350353fbb95c251d5ff024535e … ... because it turns out that there's no portable way to be sure that IPv6 strings will be in a canonical format. How is that not fixed in 2019? Crazy! Exact-match is needed in many applications.
-
-
This doesn't appear to be the case with s2n's SAN parser, however; here's a test case to make sure "127.0.0.1" gets passed to the callback when it's in a DNS SAN: https://github.com/awslabs/s2n/blob/e7def58f81e67ccc89e2f1db1b4088482ea2eeb2/tests/unit/s2n_x509_validator_test.c#L622-L656 …
- 1 more reply
New conversation -
-
-
We might add new ones, but we can't change the old one for back-compat reasons :)
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.