Christian Heimes added the comment:

For the record, I'm now considering match_hostname() on U-labels crazy level: 'A sure sign of someone who wears his underpants on his head.' Once upon a time I had some hope to make it work and keep server_hostname as an IDN U-label. I no longer think it is feasible and safe at the same time.

Pros:

* ACE is native encoding in SNI TLSEXT.
* ACE is native encoding in X509v3 SAN extension.
* ACE is native encoding in DNS.
* ACE is required to avoid partial wildcards on punycode ("x*" must not match "xn--...").
* OpenSSL's hostname verification operates on ACE.
* ACE is not ambiguous; ACE -> U-label -> ACE depends on the IDNA standard and settings.

Cons:

* Making SSLSocket.server_hostname an IDN A-label instead of a U-label is backwards incompatible.

Self-quote from 
https://github.com/pyca/cryptography/issues/3357#issuecomment-318902879

---
I have been struggling with similar issues in Python's ssl module. The current implementation cannot verify and match IDN host names. It's also a bit of a mess: the SNI callback and server_hostname are IDN U-labels, cert attributes are IDN A-labels. I have played with several approaches to fix the issue. So far only one approach is both simple enough to be memorable and not a potential source of security issues. It's also fully backwards compatible with ASCII-only host names.

User-supplied input (hostname for the TCP connection, server hostname) can be specified as either an IDN U-label (str), an IDN A-label (aka ACE, str) or ACE bytes. Internally the socket module and SSL module use ACE bytes only. Text (str) is converted to ACE bytes using IDNA. Since an ACE str is just ASCII, IDNA encoding of an ACE str is equivalent to encoding with the ASCII encoding.

All output (SAN dNSName, SAN URI, CN, SNI callback, server_hostname attribute) is decoded as ACE strings. Since IDN is not a bijective mapping and also depends on the IDNA standard (2003, 2008, UTS46), this avoids some potential security issues. X.509 hostname verification and matching is defined on ACE, not IDN U-labels. I would rather keep them as bytes, but it wouldn't be backwards compatible. This also aligns the SSL module with the socket module: socket.getnameinfo() decodes with ASCII, not with IDNA.

The new approach will make the SSL module compatible with the external idna package and IDNA 2008. Users just have to pass in ACE bytes as server_hostname.
---

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue28414>
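The normalisation rule described in the comment above (accept U-label str, A-label str or ACE bytes; work on ACE bytes internally; decode output with ASCII rather than IDNA; refuse partial wildcards so that "x*" can never swallow "xn--...") as an added, self-contained Python illustration. This is not code from the tracker or from CPython's ssl module: the function names `to_ace_bytes`, `ace_to_str` and `dnsname_match` are assumptions, the matcher is a simplified RFC 6125-style rule rather than the stdlib algorithm, and the encoding uses the stdlib `idna` codec (IDNA 2003), not the external idna package.

```python
def to_ace_bytes(hostname):
    """Normalise a user-supplied hostname to ACE (A-label) bytes.

    Accepts an IDN U-label str, an IDN A-label str or ACE bytes. Text is
    encoded with the stdlib 'idna' codec (IDNA 2003). For ASCII-only input
    that is byte-for-byte the same as ASCII encoding, so an A-label string
    passes through unchanged. (Hypothetical helper, not CPython's API.)
    """
    if isinstance(hostname, bytes):
        # ACE bytes must already be plain ASCII; anything else is rejected
        # here rather than silently passed on to the socket layer.
        hostname.decode("ascii")
        return hostname
    if isinstance(hostname, str):
        return hostname.encode("idna")
    raise TypeError("hostname must be str or bytes")


def ace_to_str(ace):
    """Decode ACE bytes for presentation as str *without* IDNA.

    Decoding with 'ascii' keeps the A-label ('xn--...') instead of mapping
    back to a U-label, so the value stays unambiguous and does not depend on
    which IDNA standard (2003, 2008, UTS46) produced it; this mirrors how
    socket.getnameinfo() decodes with ASCII.
    """
    return ace.decode("ascii")


def dnsname_match(pattern, hostname):
    """Match a certificate dNSName pattern against a hostname, on ACE.

    Simplified RFC 6125-style rule (illustration only, not the stdlib
    algorithm): a wildcard is accepted only when it is the entire leftmost
    label of a pattern with at least three labels; any other use of '*'
    (e.g. 'x*', which could otherwise match 'xn--...') never matches.
    """
    pat_labels = to_ace_bytes(pattern).lower().split(b".")
    host_labels = to_ace_bytes(hostname).lower().split(b".")
    if len(pat_labels) != len(host_labels):
        return False
    for i, (p, h) in enumerate(zip(pat_labels, host_labels)):
        if p == b"*" and i == 0 and len(pat_labels) >= 3:
            # A whole-label wildcard matches exactly one non-empty label.
            if not h:
                return False
            continue
        if b"*" in p:
            # Partial wildcard: refused outright, so 'x*' can never match
            # a punycode label such as 'xn--mnchen-3ya'.
            return False
        if p != h:
            return False
    return True


if __name__ == "__main__":
    # Constructed sample inputs: the same host as U-label, A-label and bytes.
    for form in ("münchen.example", "xn--mnchen-3ya.example",
                 b"xn--mnchen-3ya.example"):
        print(repr(form), "->", to_ace_bytes(form))
    print(ace_to_str(to_ace_bytes("münchen.example")))
    print(dnsname_match("*.example.org", "münchen.example.org"))
    print(dnsname_match("x*.example.org", "xn--mnchen-3ya.example.org"))
```

All three input forms normalise to the same ACE bytes, and the presentation helper hands back the A-label string rather than re-deriving a U-label, which is exactly the property the comment relies on to keep the SSL module's inputs and outputs consistent with SNI, the SAN extension and DNS.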
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to