Uploaded image for project: 'James Server'
  1. James Server
  2. JAMES-3851

TLS host name verification should handle trailing dot

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • master
    • None
    • Remote Delivery
    • None

    Description

      I noticed that sometimes RemoteDelivery opens a connection using a fully qualified hostname that ends with a trailing dot, like "mail.example.org." I believe James may get that from MX resolving, since afaik DNS servers may do this to indicate an absolute FQDN vs. a relative one. This is not an issue when establishing a connection, but will break TLS hostname verification, since the CN and SubjectAltNames in server certificates never use trailing dots.

      Consequently, RemoteDelivery should strip a trailing dot from the hostname before connecting.

      Attachments

        Issue Links

          relates to

          Improvement - An improvement or enhancement to an existing feature or task. JAMES-3832 Support TLS host name verification

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          links to

          Web Link GitHub Pull Request #1304

          Web Link GitHub Pull Request #1309

          Activity

            People

              Unassigned Unassigned
              kotto Karsten Otto
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 50m
                  50m