[
https://issues.apache.org/jira/browse/TS-4459?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15293672#comment-15293672
]
ASF GitHub Bot commented on TS-4459:
------------------------------------
Github user mjaniszewski commented on the pull request:
https://github.com/apache/trafficserver/pull/647#issuecomment-220656079
The point regarding malloc/lowercase on each lookup is a good one, but
indexing two separate versions of the cert won't cover all cases.
Let's say a cert has a common name of EXAMPLE.COM, and we index said cert
under both EXAMPLE.COM and example.com. In this model, requests coming in for
EXAMPLE.com/Example.COM/etc. won't match. According to the relevant RFC
(http://tools.ietf.org/html/rfc6125#section-6.4.1), we should be matching in a
case insensitive manner, regardless of the case present in the cert
CN/SubjectAltName.
Would you be ok with a check on lookup to determine if the hostname needs
to be modified, along with a conditional malloc/lowercase/free based on that?
That should avoid the hit in the vast majority of cases.
> Force domain names in cert to lower on insert into lookup tree
> --------------------------------------------------------------
>
> Key: TS-4459
> URL: https://issues.apache.org/jira/browse/TS-4459
> Project: Traffic Server
> Issue Type: Bug
> Components: SSL
> Reporter: Steven Feltner
> Fix For: 7.0.0
>
>
> We have certs from a legacy system that were issued with mixed case domain
> names. We are migrating this older product over to ATS and found that domain
> names need to be lower cased before being inserted in the lookup table.
> I will be submitting a pull request to resolve this issue.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
