nanog mailing list archives

Re: looking for terminology recommendations concerning non-rooted FQDNs


From: Brian Reichert <reichert () numachi com>
Date: Mon, 25 Feb 2013 09:30:34 -0500

On Sun, Feb 24, 2013 at 12:10:20AM +1100, Mark Andrews wrote:
> > When I did my initial development with OpenSSL, I observed:
> >
> > - If I did not have the rooted domain name in the SAN, then any SSL
> >   client stack would fail the verification if a rooted domain name
> >   was used to connect to the SSL server.
>
> Well you have a broken SSL client app.  If it is accepting non legal
> hostnames it should be normalising them before passing them to the ssl
> layer.

From what little research I've done (only OpenSSL), the SSL client
is relying on getaddrinfo(3) to do name resolution.  In turn, I
haven't found an implementation of getaddrinfo(3) that rejects
rooted domain names as non-legal.

Looking for counter-examples...

> -- 
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka () isc org

-- 
Brian Reichert                          <reichert () numachi com>
BSD admin/developer at large    
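
The normalisation step discussed in this message, as an added example that is not code from the thread or from OpenSSL: a client keeps the rooted name for resolution but strips the root dot before comparing against the certificate's SAN. The function names and the simplified dNSName matcher are assumptions made for illustration, and the sample names are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Drop one trailing root dot; reject "", ".", "a.." and oversized input. */
int normalize_reference_id(const char *host, char *out, size_t outlen)
{
    size_t n = strlen(host);
    if (n > 0 && host[n - 1] == '.')
        n--;                                   /* strip the root label */
    if (n == 0 || host[n - 1] == '.' || n >= outlen)
        return -1;
    memcpy(out, host, n);
    out[n] = '\0';
    return 0;
}

/* Case-insensitive string equality (DNS names compare without case). */
static int eq_nocase(const char *a, const char *b)
{
    for (; *a && tolower((unsigned char)*a) == tolower((unsigned char)*b); a++, b++)
        ;
    return *a == '\0' && *b == '\0';
}

/* Simplified dNSName match: "*" only as the entire left-most label. */
int san_matches(const char *san, const char *ref)
{
    if (strncmp(san, "*.", 2) == 0) {
        const char *dot = strchr(ref, '.');    /* wildcard spans one label */
        return dot != NULL && dot != ref && eq_nocase(san + 1, dot);
    }
    return eq_nocase(san, ref);
}

/* normalise == 0 models a client that hands the typed name to the check. */
int check_host(const char *san, const char *typed, int normalise)
{
    char ref[256];
    if (!normalise)
        return san_matches(san, typed);
    if (normalize_reference_id(typed, ref, sizeof ref) != 0)
        return 0;                              /* malformed name: fail closed */
    return san_matches(san, ref);
}

int main(void)
{
    const char *san = "www.example.com", *typed = "www.example.com.";
    printf("raw=%d normalised=%d\n", check_host(san, typed, 0), check_host(san, typed, 1));
    return 0;
}
```
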

