Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Add IDN TLD support #2278
Further testing revealed that the rate-limiting code in
However, it fails for suffixes with multiple IDN labels (
(This is not too bad, since there aren't exactly too many multi-label IDN suffixes on the list and the only effect would be that rate limiting scope is applied too strictly, but we might as well get it right everywhere.)
Converting to unicode would fix this issue as well (though we'd have to convert back to punycode for storage in order for the rate-limit identifier to remain backwards-compatible), but I'm wondering whether handling this conversion (and preserving the encoding for the return values, I guess?) should be done in
I agree with @jsha. U-labels are less likely to be supported by other tools, so it is more reasonable to define host names with ASCII characters inside ENV variables and configs. If Letsencrypt expects Unicode, some developers will end up having the same thing defined twice.
Hi @patf - thanks for putting this together. I really appreciate that you took the time to arrive with a solution in addition to a problem. You can't beat that!
That said I think we're all in agreement that upstream support is better than special-casing in Boulder. I'm going to close this PR and would love if you could give #2339 a