Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
master
-
None
-
None
Description
I noticed that sometimes RemoteDelivery opens a connection using a fully qualified hostname that ends with a trailing dot, like "mail.example.org." I believe James may get that from MX resolving, since afaik DNS servers may do this to indicate an absolute FQDN vs. a relative one. This is not an issue when establishing a connection, but will break TLS hostname verification, since the CN and SubjectAltNames in server certificates never use trailing dots.
Consequently, RemoteDelivery should strip a trailing dot from the hostname before connecting.
Attachments
Issue Links
- relates to
-
JAMES-3832 Support TLS host name verification
- Resolved
- links to