On 2016-10-17, Mike Tubby <m...@tubby.org> wrote:
> Couldn't we have - per perhaps shouldn't we have - a "safe domain name"
> function in Exim that could be used for this and elsewhere where an
> untrusted domain name enters - it would:
> * remove white space (tab, space, etc)
> * remove non-printing chars
> * remove 'quoting' and 'escaping'
> * make it lower case
> * only allow valid characters for a FQDN
why remove? why not just reject if it contains any badness?
> call it something like "safe_fqdn" and then you could do:
> aren't computers are supposed to be doing the work for us...?
will give the domain part if the $tls_sni is syntactically correct for a
domain name else it will give the empty string.
Is that not good enough?
it's going to try to use a file called /etc/mail/ssl/.pem if the sni
is empty or contains garbage, probably not a problem.
This email has not been checked by half-arsed antivirus software
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/