Leo Famulari <[email protected]> writes:

> It was recently reported that libidn2 can cause issues for domains whose
> names contain underscores, and maybe some other characters, too. It
> matters to us because we build GnuTLS with libidn2.
>
> I'm not sure yet what the solution is for us. Help wanted!
>
> Original report:
> https://github.com/systemd/systemd/issues/6426
>
> libidn2 discussion:
> https://gitlab.com/libidn/libidn2/issues/30
>
> Upstream fix:
> https://gitlab.com/libidn/libidn2/commit/a5cbc16efd02adb78d2d082b21c3ac4d3fa88d2e

The commit refers to TR46 which is a Unicode standards document:

http://unicode.org/reports/tr46/#STD3_Rules

It appears the new IDNA processing rules disallow use of underscores in
domain names, which is in direct conflict with e.g. RFC2782[0].

Part of the confusion comes from the fact that underscores are indeed
disallowed in *hostnames* (as in A and AAAA records)[1]. So if libidn2
enforces STD3 compliance on *all* domain types (how can it
distinguish?), that is not good.

I'm not sure if it's worth grafting it until we have a real-world use
case however. Though we could consider swallowing the ~2300 rebuilds in
the next staging round for the new version which contains the fix.

[0] https://tools.ietf.org/html/rfc2782
[1] https://tools.ietf.org/html/rfc1123#section-2
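As an added illustration (not part of the original message and not libidn2's code), the Python sketch below contrasts the STD3 hostname rules with a relaxed rule that also admits underscore labels such as those in RFC 2782 SRV names. The function names, the relaxed rule and the sample names are assumptions made for this example.

```python
import re

# STD3 ASCII rules as applied to hostnames (RFC 1123): letters, digits, hyphen;
# 1-63 octets per label; no leading or trailing hyphen.
LDH_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
# Relaxed form assumed for this sketch: the same label shape with "_" allowed,
# which covers RFC 2782 owner names of the form _service._proto.name.
LDH_UNDERSCORE_LABEL = re.compile(r"(?!-)[A-Za-z0-9_-]{1,63}(?<!-)")


def _labels(name):
    """Split a domain name into labels, ignoring one trailing root dot."""
    if name.endswith("."):
        name = name[:-1]
    return name.split(".") if 0 < len(name) <= 253 else []


def passes_std3(name):
    """True if every label satisfies the hostname (STD3 ASCII) rules."""
    labels = _labels(name)
    return bool(labels) and all(LDH_LABEL.fullmatch(l) for l in labels)


def classify(name):
    """Return 'hostname', 'domain-only' or 'invalid' for an ASCII name."""
    if passes_std3(name):
        return "hostname"
    labels = _labels(name)
    if labels and all(LDH_UNDERSCORE_LABEL.fullmatch(l) for l in labels):
        return "domain-only"  # usable as an SRV owner name, not as a host
    return "invalid"


# Constructed sample names (not taken from the reports linked above).
SAMPLES = [
    "www.example.org",
    "_xmpp-server._tcp.example.org",
    "bad-.example.org",
    "a..example.org",
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name:32} std3={passes_std3(name)!s:5} class={classify(name)}")
```

A resolver or TLS layer that applies only `passes_std3` to every name rejects the SRV-style entry, which is the conflict the message describes.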
