crypto/tls: GetCertificate should have a way to signal unrecognized_name
#19300
Labels: FrozenDueToAge, NeedsDecision

What version of Go are you using (go version)?

go version go1.8 linux/amd64

What operating system and processor architecture are you using (go env)?

GOHOSTARCH="amd64"
GOHOSTOS="linux"

What did you do?

Through using golang.org/x/crypto/acme/autocert I noticed the TLS listener implementation uses a fatal-level internal_error alert to signal the client that it can't handle a servername.

What did you expect to see?

Ideally, the TLS implementation should be able to signal a TLS alert called unrecognized_name in response. In RFC6066 Section 3 the following is defined:

What did you see instead?

The TLS implementation currently doesn't support the unrecognized_name alert, and if it had, GetCertificate has no (documented) way of triggering it.

I'd also like to attempt to implement this myself. Any input on implementation is welcome.
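
A way to observe the reported behaviour, as an added example that is not part of the original issue or of the Go project's code: an in-memory handshake in which GetCertificate rejects the requested name, returning what each side sees. The function name handshakeUnknownName and the host unknown.example are constructed for illustration, and the example assumes a Go release in which a GetCertificate error is mapped to internal_error, as the issue describes.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net"
	"time"
)

// handshakeUnknownName (hypothetical helper) runs a TLS handshake over an
// in-memory pipe. The server's GetCertificate callback rejects every SNI
// name, so the handshake fails; the error seen by each side is returned.
func handshakeUnknownName(serverName string) (clientErr, serverErr error) {
	cliConn, srvConn := net.Pipe()
	defer cliConn.Close()
	defer srvConn.Close()

	// Bound the exchange so a stalled handshake cannot hang the program.
	deadline := time.Now().Add(5 * time.Second)
	cliConn.SetDeadline(deadline)
	srvConn.SetDeadline(deadline)

	srvCfg := &tls.Config{
		// Constructed callback: stands in for a certificate manager that
		// has no certificate for the requested name.
		GetCertificate: func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
			return nil, fmt.Errorf("no certificate for %q", hello.ServerName)
		},
	}

	done := make(chan error, 1)
	go func() { done <- tls.Server(srvConn, srvCfg).Handshake() }()

	// The client only learns the alert the server chose to send; the
	// callback's own error text never leaves the server.
	clientErr = tls.Client(cliConn, &tls.Config{ServerName: serverName}).Handshake()
	serverErr = <-done
	return clientErr, serverErr
}

func main() {
	c, s := handshakeUnknownName("unknown.example")
	fmt.Println("client saw:", c)
	fmt.Println("server saw:", s)
}
```

The client-side error names the alert received, which is how an operator can tell a server-side fault apart from a name the server does not serve.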