DHB-liuhong opened a new issue #3739: URL: https://github.com/apache/apisix/issues/3739
### Issue description Why restrict "." in sni/snis? ### Environment * apisix version (cmd: `apisix version`): 2.1 or master * OS (cmd: `uname -a`): centos7 * OpenResty / Nginx version (cmd: `nginx -V` or `openresty -V`): * etcd version, if have (cmd: run `curl http://127.0.0.1:9090/v1/server_info` to get the info from server-info API): * apisix-dashboard version, if have: ### Minimal test code / Steps to reproduce the issue 1. My SSL Certificate Domain Name is "eos-1.cloud.cn", i use apisix to access s3 interface, i create two buckets bucket01 and bucket.1 in s3, i want to host stype to(https://bucket01.eos-1.cloud.cn) access this bucket 2. Configure for ssl in apisix - TEST 1 "snis":["eos-1.cloud.cn","*.eos-1.cloud.cn"] - TEST 2 "sni":"*.eos-1.cloud.cn" - TEST 3 "sni":"*eos-1.cloud.cn" - TEST 3 "sni":"eos-1.cloud.cn" ### What's the actual result? (including assertion message & call stack if applicable) - TEST 1-result [root@kcpn1 ~]# curl -i https://eos-1.cloud.cn HTTP/1.1 200 OK [root@kcpn1 ~]# curl -i https://bucket01.eos-1.cloud.cn HTTP/1.1 200 OK [root@kcpn1 ~]# curl -i https://bucket.1.eos-1.cloud.cn **curl: (35) Peer reports it experienced an internal error.** because: if str_find(sni_rev, ".", #api_ctx.matched_sni) then core.log.warn("failed to find any SSL certificate by SNI: ", sni, " matched SNI: ", api_ctx.matched_sni:reverse()) return fals - TEST 2-result [root@kcpn1 ~]# curl -i https://eos-1.cloud.cn **curl: (35) Peer reports it experienced an internal error.** [root@kcpn1 ~]# curl -i https://bucket01.eos-1.cloud.cn HTTP/1.1 200 OK [root@kcpn1 ~]# curl -i https://bucket.1.eos-1.cloud.cn **curl: (35) Peer reports it experienced an internal error.** - TEST 3-result [root@kcpn1 ~]# curl -i https://eos-1.cloud.cn HTTP/1.1 200 OK [root@kcpn1 ~]# curl -i https://bucket01.eos-1.cloud.cn **curl: (35) Peer reports it experienced an internal error.** [root@kcpn1 ~]# curl -i https://bucket.1.eos-1.cloud.cn **curl: (35) Peer reports it experienced an internal error.** - TEST 4-result [root@kcpn1 ~]# curl -i https://eos-1.cloud.cn HTTP/1.1 200 OK [root@kcpn1 ~]# curl -i https://bucket01.eos-1.cloud.cn **curl: (35) Peer reports it experienced an internal error.** [root@kcpn1 ~]# curl -i https://bucket.1.eos-1.cloud.cn **curl: (35) Peer reports it experienced an internal error.** **But i use "sni":"*eos-1.cloud.cn" is good in apisix 1.2** ### What's the expected result? ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
