Github user mjaniszewski commented on the pull request:
https://github.com/apache/trafficserver/pull/647#issuecomment-220656079
The point regarding malloc/lowercase on each lookup is a good one, but
indexing two separate versions of the cert won't cover all cases.
Let's say a cert has a common name of EXAMPLE.COM, and we index said cert
under both EXAMPLE.COM and example.com. In this model, requests coming in for
EXAMPLE.com/Example.COM/etc. won't match. According to the relevant RFC
(http://tools.ietf.org/html/rfc6125#section-6.4.1), we should be matching in a
case insensitive manner, regardless of the case present in the cert
CN/SubjectAltName.
Would you be ok with a check on lookup to determine if the hostname needs
to be modified, along with a conditional malloc/lowercase/free based on that?
That should avoid the hit in the vast majority of cases.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
