You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
RFC 5280 states that while uppercase and lowercase letters are allowed in domain names, no significance is attached to the case, meaning the case should be ignored when comparing domain names.
Most certificates don't have any uppercase letter in their domain name. But some do.
SwiftNIO SSL converts the server hostname to lowercase but doesn't convert the certificate's CN or SAN. Therefore, the domain name comparison always fails when the certificate has uppercase letters in its domain name.
This is a great catch, thanks. Are you interested in backporting your fix from swift-certificates? We're not cutting over to it immediately so it'd be nice to fix it in both places.
RFC 5280 states that while uppercase and lowercase letters are allowed in domain names, no significance is attached to the case, meaning the case should be ignored when comparing domain names.
Most certificates don't have any uppercase letter in their domain name. But some do.
SwiftNIO SSL converts the server hostname to lowercase but doesn't convert the certificate's CN or SAN. Therefore, the domain name comparison always fails when the certificate has uppercase letters in its domain name.
Steps to reproduce
Copy
cert.pem
andkey.pem
to the current directory.Run the server.
Try to connect to the server.
Expected result
A parsing error
invalid constant string
is thrown (the server is not a valid HTTP server).Actual result
NIOSSLExtraError.failedToValidateHostname: Couldn't find localhost in certificate from peer
is thrown.The text was updated successfully, but these errors were encountered: