You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What steps will reproduce the problem?
1. http.Get("https://www.paypal.nl/nl";)
What is the expected output?
*http.Response
What do you see instead?
err: "Get https://www.paypal.nl/nl: certificate is valid for WWW.PAYPAL.COM,
PAYPAL.COM, HISTORY.PAYPAL.COM, WWW.PAYPALOBJECTS.COM, stxnapi.paypal.com,
CMS.PAYPAL.COM, STUDENT.PAYPAL.COM, PERSONAL.PAYPAL.COM, MERCHANT.PAYPAL.COM,
EMPRESAS.PAYPAL.COM, SHOPPING.PAYPAL.COM, WWW.THEPAYPALBLOG.COM, WWW.PAYPAL.AT,
WWW.PAYPAL.BE, WWW.PAYPAL.CA, WWW.PAYPAL.CH, WWW.PAYPAL.CL, WWW.PAYPAL.CN,
WWW.PAYPAL.CO.IL, WWW.PAYPAL.CO.IN, WWW.PAYPAL.CO.NZ, WWW.PAYPAL.CO.TH,
WWW.PAYPAL.CO.UK, WWW.PAYPAL.CO.ZA, WWW.PAYPAL.COM.AR, WWW.PAYPAL.COM.AU,
WWW.PAYPAL.COM.BR, WWW.PAYPAL.COM.CN, WWW.PAYPAL.COM.ES, WWW.PAYPAL.COM.HK,
WWW.PAYPAL.COM.MX, WWW.PAYPAL.COM.PT, WWW.PAYPAL.COM.SA, WWW.PAYPAL.COM.SG,
WWW.PAYPAL.COM.TR, WWW.PAYPAL.COM.TW, WWW.PAYPAL.COM.VE, WWW.PAYPAL.DE, WWW.PAYPAL.DK,
WWW.PAYPAL.ES, WWW.PAYPAL.FI, WWW.PAYPAL.FR, WWW.PAYPAL.IE, WWW.PAYPAL.IT,
WWW.PAYPAL.JP, WWW.PAYPAL.LU, WWW.PAYPAL.MX, WWW.PAYPAL.NL, WWW.PAYPAL.PH,
WWW.PAYPAL.PL, WWW.PAYPAL.PT, WWW.PAYPAL.SE, WWW.PAYPAL.NO, IPNPB.PAYPAL.COM, not
www.paypal.nl"
Which compiler are you using (5g, 6g, 8g, gccgo)? 6g
Which operating system are you using? Ubuntu 11.10
Which revision are you using? weekly.2012-01-20
Please provide any additional information below.
From RFC 5280 (http://www.ietf.org/rfc/rfc5280.txt):
When comparing DNS names for equality, conforming implementations
MUST perform a case-insensitive exact match on the entire DNS name.
When evaluating name constraints, conforming implementations MUST
perform a case-insensitive exact match on a label-by-label basis. As
noted in Section 4.2.1.10, any DNS name that may be constructed by
adding labels to the left-hand side of the domain name given as the
constraint is considered to fall within the indicated subtree.
Possible fix:
diff -r 9f2be4fbbf69 src/pkg/crypto/x509/verify.go
--- a/src/pkg/crypto/x509/verify.go Fri Jan 20 16:57:10 2012 +1100
+++ b/src/pkg/crypto/x509/verify.go Thu Jan 26 15:54:17 2012 +0100
@@ -206,8 +206,8 @@
return false
}
- patternParts := strings.Split(pattern, ".")
- hostParts := strings.Split(host, ".")
+ patternParts := strings.Split(strings.ToLower(pattern), ".")
+ hostParts := strings.Split(strings.ToLower(host), ".")
if len(patternParts) != len(hostParts) {
return false
The text was updated successfully, but these errors were encountered:
RFC 6125 6.4.1 is the standard and that references RFC 4343. So yes, it should be case
insensitive, but it's an ASCII insensitivity, not a Unicode one.
Will take a look.
The text was updated successfully, but these errors were encountered: