[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#27809: libidn2 underscore stripping problem
|
From: |
Marius Bakke |
|
Subject: |
bug#27809: libidn2 underscore stripping problem |
|
Date: |
Tue, 25 Jul 2017 22:22:03 +0200 |
|
User-agent: |
Notmuch/0.24.2 (https://notmuchmail.org) Emacs/25.2.1 (x86_64-unknown-linux-gnu) |
Leo Famulari <address@hidden> writes:
> It was recently reported that libidn2 can cause issues for domains whose
> names contain underscores, and maybe some other characters, too. It
> matters to us because we build GnuTLS with libidn2.
>
> I'm not sure yet what the solution is for us. Help wanted!
>
> Original report:
> https://github.com/systemd/systemd/issues/6426
>
> libidn2 discussion:
> https://gitlab.com/libidn/libidn2/issues/30
>
> Upstream fix:
> https://gitlab.com/libidn/libidn2/commit/a5cbc16efd02adb78d2d082b21c3ac4d3fa88d2e
The commit refers to TR46 which is a Unicode standards document:
http://unicode.org/reports/tr46/#STD3_Rules
It appears the new IDNA processing rules disallow use of underscores in
domain names, which is in direct conflict with e.g. RFC2782[0].
Part of the confusion comes from the fact that underscores are indeed
disallowed in *hostnames* (as in A and AAAA records)[1].
So if libidn2 enforces STD3 compliance on *all* domain types (how can it
distinguish?), that is not good.
I'm not sure if it's worth grafting it until we have a real-world use
case however. Though we could consider swallowing the ~2300 rebuilds in
the next staging round for the new version which contains the fix.
[0] https://tools.ietf.org/html/rfc2782
[1] https://tools.ietf.org/html/rfc1123#section-2
signature.asc
Description: PGP signature