mirror of https://github.com/golang/go.git
[release-branch.go1.11] crypto/x509: allow ":" in Common Name hostnames
At least one popular service puts a hostname which contains a ":" in the Common Name field. On the other hand, I don't know of any name constrained certificates that only work if we ignore such CNs. Updates #24151 Change-Id: I2d813e3e522ebd65ab5ea5cd83390467a869eea3 Reviewed-on: https://go-review.googlesource.com/134076 Run-TryBot: Filippo Valsorda <filippo@golang.org> Reviewed-by: Adam Langley <agl@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> (cherry picked from commit 03c703697f321f66d28d6223457622c5879ba37f) Reviewed-on: https://go-review.googlesource.com/134078 Reviewed-by: Andrew Bonventre <andybons@golang.org>
This commit is contained in:
parent
cd9f60131b
commit
71fce844b5
|
|
@ -894,8 +894,8 @@ func validHostname(host string) bool {
|
|||
if c == '-' && j != 0 {
|
||||
continue
|
||||
}
|
||||
if c == '_' {
|
||||
// _ is not a valid character in hostnames, but it's commonly
|
||||
if c == '_' || c == ':' {
|
||||
// Not valid characters in hostnames, but commonly
|
||||
// found in deployments outside the WebPKI.
|
||||
continue
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1881,6 +1881,7 @@ func TestValidHostname(t *testing.T) {
|
|||
{"foo.*.example.com", false},
|
||||
{"exa_mple.com", true},
|
||||
{"foo,bar", false},
|
||||
{"project-dev:us-central1:main", true},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
if got := validHostname(tt.host); got != tt.want {
|
||||
|
|
|
|||
Loading…
Reference in New Issue