New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
domain name with trailing dot fails the certificate check when using gnutls #13428
Comments
I think this description is slightly off. The correct SNI field (without trailing dot) is actually used. The problem is rather in this call: Line 1202 in 5fa594a
... where |
Likely so; I was guessing. Feel free to retitle or edit as needed. |
Please see #13440 for the fix and added test cases. |
Fix and tests now in #13486. |
When built using gnutls, curl cannot connect to
https://pyropus.ca.
possibly because the period at the end of the hostname is not being stripped for SNI purposes. This problem does not occur when curl is built using openssl. I'm not sure whether this is a curl bug or a gnutls bug.For prior history on issues accessing this server, which intentionally uses a canonical name ending in a period, see #8290 reported by @ccazabon. There, the problem was that curl was stripping the period from the hostname for non-SNI purposes when it should not have been doing so.
I did this
I expected the following
but I got this
curl/libcurl version
operating system
Darwin hostname-redacted 21.6.0 Darwin Kernel Version 21.6.0: Mon Feb 19 20:24:34 PST 2024; root:xnu-8020.240.18.707.4~1/RELEASE_X86_64 x86_64
The text was updated successfully, but these errors were encountered: