Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support sites with invalid IDN in SslStream #82464

Closed
wfurt opened this issue Feb 22, 2023 · 1 comment · Fixed by #82934
Closed

Support sites with invalid IDN in SslStream #82464

wfurt opened this issue Feb 22, 2023 · 1 comment · Fixed by #82934
Labels
area-System.Net.Security enhancement Product code improvement that does NOT require public API changes/additions
Milestone
8.0.0

Comments

@wfurt
Copy link
Member

wfurt commented Feb 22, 2023
edited
Loading

There are cases when the name may be valid DNS name - and resolve by OS but it fails IDN checks.
Example of such names may be www-.colorhexa.com, xn--www-7m0a.thegratuit.com or www-.volal.cz.
#26167 also had some examples.

Currently we would fail to encode/decode the name and SslStream would fail unconditionally to complete handshake.
Browsers may show warnings but they allow to connect. So as some other HTTP implementations like curl.

The goal would be allowing users of SslStream to allow such handling using validation callback or validation policy.
While there may be some danger in allowing generic Unicode and binary, there seems to be no harm allowing plain ASCII that is not in direct violations of RFC 1035 (and common variations)

Further more, SslStream is not directly linked to DNS & IP protocol. While that is very likely most common scenario it can also be used on custom streams where the naming does not need to follow Internet standards.
@ghost ghost added the untriaged New issue has not been triaged by the area owner label Feb 22, 2023
@karelz karelz added this to the 8.0.0 milestone Feb 22, 2023
@ghost ghost removed the untriaged New issue has not been triaged by the area owner label Feb 22, 2023
@karelz karelz added the enhancement Product code improvement that does NOT require public API changes/additions label Feb 22, 2023
@karelz
Copy link
Member

karelz commented Feb 22, 2023

Triage: This seems worthwhile to do to make our platform more consistent and closer to Browser behavior. There are real-world crawler scenarios, which benefit from it.

@wfurt wfurt mentioned this issue Mar 3, 2023
Merged
@ghost ghost added the in-pr There is an active PR which will close this issue when it is merged label Mar 3, 2023
@ghost ghost removed the in-pr There is an active PR which will close this issue when it is merged label Mar 10, 2023
@ghost ghost locked as resolved and limited conversation to collaborators Apr 9, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
area-System.Net.Security enhancement Product code improvement that does NOT require public API changes/additions
Projects
None yet
Milestone
8.0.0
Development

Successfully merging a pull request may close this issue.

Support sites with invalid IDN in SslStream wfurt/runtime
2 participants
@karelz @wfurt