By my count, there are 926,834 different legally valid ways to express the all-zeroes IPv6 address "::" as a string, which I think is the worst case. That's a huge search space, so looking for them all isn't going to do. Showing my work: https://gist.github.com/colmmacc/aa0013c571ab9deeccbf67670ef1b778 …
@andrew729 points out that I might be stretching it with "legally" because the RFC says :: is a "MUST". So these are the 926,834 ways that inet_pton or getaddrinfo will accept the same address. This whole thing started because we saw 0:0:0:0... in an X509 dump.
Why do you need inet_ntop to verify an IPv6 SAN? The address is stored as 16 octets so verification should just be a memcmp.
We have an existing verify_host callback fn that an s2n caller can set. It takes a string as an argument, so we have to turn the 16 octets into a string for that function. I want to make sure that the format is always canonicalized and the callback will work the same everywhere.
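An added example, not from the thread or from s2n: it shows several spellings that inet_pton accepts for the all-zeroes address collapsing to one string once the 16 octets are rendered with inet_ntop, which is the conversion a string-based host callback depends on. The helper names `san_ipv6_to_text` and `respell_ipv6` are hypothetical, and the spellings are constructed samples.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper, not s2n's API: render the 16 octets of an
 * iPAddress SAN as text via inet_ntop. Returns 0 on success, -1 on error. */
int san_ipv6_to_text(const unsigned char octets[16], char *out, size_t out_len)
{
    struct in6_addr addr;
    memcpy(&addr, octets, sizeof(addr));
    return inet_ntop(AF_INET6, &addr, out, (socklen_t)out_len) ? 0 : -1;
}

/* Parse one textual spelling with inet_pton, then re-render it. */
int respell_ipv6(const char *text, char *out, size_t out_len)
{
    struct in6_addr addr;
    if (inet_pton(AF_INET6, text, &addr) != 1) {
        return -1; /* not an accepted IPv6 spelling */
    }
    return san_ipv6_to_text(addr.s6_addr, out, out_len);
}

/* Constructed sample: a few of the many spellings of the all-zeroes address. */
static const char *const zero_spellings[] = {
    "::", "0::", "::0", "0:0:0:0:0:0:0:0", "0000::0000", "0:0::0:0", "::0.0.0.0",
};

/* Returns how many sample spellings re-render as the same string as "::". */
int count_collapsing_to_unspecified(void)
{
    char buf[INET6_ADDRSTRLEN];
    int n = 0;
    for (size_t i = 0; i < sizeof(zero_spellings) / sizeof(zero_spellings[0]); i++) {
        if (respell_ipv6(zero_spellings[i], buf, sizeof(buf)) == 0 && strcmp(buf, "::") == 0) {
            n++;
        }
    }
    return n;
}

int main(void)
{
    printf("%d of 7 spellings render as \"::\"\n", count_collapsing_to_unspecified());
    return 0;
}
```

A callback that compares strings should be handed the inet_ntop rendering of the SAN octets, and any configured reference address should pass through the same inet_pton/inet_ntop round trip before comparison.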