tokers opened a new issue #5047:
URL: https://github.com/apache/apisix/issues/5047
### Issue description
Refer from RFC6066:
> "HostName" contains the fully qualified DNS hostname of the server,
as understood by the client. The hostname is represented as a byte
string using ASCII encoding without a trailing dot. This allows the
support of internationalized domain names through the use of A-labels
defined in [RFC5890]. DNS hostnames are case-insensitive. The
algorithm to compare hostnames is described in [RFC5890], Section
2.3.2.4.
The SNI should be case-insensitive, While if the `snis` field in the `SSL`
object contains some uppercase letters, APISIX doesn't convert them into
lowercase, as a result, when SNI sent from the client is all in lowercase, the
SNI matching will fail and the SSL handshaking will be aborted.
PS: apisix-dashboard sniffs the `snis` from the SAN and CN fields from the
certificate, it doesn't convert them into lowercase too.
### Environment
- apisix version (cmd: `apisix version`): master
- OS (cmd: `uname -a`): N/A
- OpenResty / Nginx version (cmd: `nginx -V` or `openresty -V`): N/A
- etcd version, if have (cmd: run `curl
http://127.0.0.1:9090/v1/server_info` to get the info from server-info API):
- apisix-dashboard version, if have: N/A
- luarocks version, if the issue is about installation (cmd: `luarocks
--version`): N/A
### Steps to reproduce
N/A
### Actual result
N/A
### Error log
N/A
### Expected result
_No response_
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
