Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/x509: matchHostnames doesn't work with absolute domain names #9828

Closed
rubyist opened this issue Feb 10, 2015 · 1 comment
Closed

crypto/x509: matchHostnames doesn't work with absolute domain names #9828

rubyist opened this issue Feb 10, 2015 · 1 comment
Labels
FrozenDueToAge
Milestone
Go1.5

Comments

@rubyist
Copy link
Contributor

rubyist commented Feb 10, 2015

If an absolute domain name (i.e. ends in a '.' like "example.com.") is used with ssl/tls, the certificate will be reported as invalid. In matchHostnames, the host and patterns are split on '.' and if the lengths of the resulting slices do not match, the function returns false. When splitting an absolute domain name on '.', the slice will have an extra empty string at the end. This empty string should be discarded before comparison, if present.

$ go env
GOARCH="amd64"
GOBIN=""
GOCHAR="6"
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOOS="darwin"
GOPATH="/Users/scott/src/gocode"
GORACE=""
GOROOT="/Users/scott/go1.4.1/go"
GOTOOLDIR="/Users/scott/go1.4.1/go/pkg/tool/darwin_amd64"
CC="clang"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fno-common"
CXX="clang++"
CGO_ENABLED="1"

Example code:

package main

import (
    "log"
    "net/http"
)

func main() {
    _, err := http.Get("https://api.github.com./users/rubyist")
    if err != nil {
        log.Fatal(err)
    }
}

Output:

2015/02/10 10:35:20 Get https://api.github.com./users/rubyist: x509: certificate is valid for *.github.com, github.com, not api.github.com.
exit status 1
@bradfitz bradfitz added this to the Go1.5 milestone Feb 10, 2015
@bradfitz
Copy link
Contributor

https://go-review.googlesource.com/4380

@agl agl closed this as completed in 32304fc Feb 11, 2015
@golang golang locked and limited conversation to collaborators Jun 25, 2016
@rsc rsc unassigned agl Jun 23, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
Go1.5
Development

No branches or pull requests
4 participants
@rubyist @bradfitz @agl @gopherbot