Date: Thu, 25 May 2023 20:57:26 +0200
From: Steffen Nurpmeso
To: Ed Maste
Cc: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: Re: git: 77d788e23d09 - main - libfetch: specify OpenSSL 1.1 APIs
Message-ID: <20230525185726.MsrLK%steffen@sdaoden.eu>
In-Reply-To: <202305251716.34PHGwJc044622@gitrepo.freebsd.org>

Hello.

Ed Maste wrote in
 <202305251716.34PHGwJc044622@gitrepo.freebsd.org>:
 |The branch main has been updated by emaste:
 |
 |URL: https://cgit.FreeBSD.org/src/commit/?id=77d788e23d0964053b81b5de307\
 |fa04bd1ccadc5
 |
 |commit 77d788e23d0964053b81b5de307fa04bd1ccadc5
 |Author:     Pierre Pronchery
 |AuthorDate: 2023-05-25 06:46:02 +0000
 |Commit:     Ed Maste
 |CommitDate: 2023-05-25 17:15:45 +0000
 |
 |    libfetch: specify OpenSSL 1.1 APIs
 ...

Btw out of interest (sorry to be here again) I looked into that
just now, and it seems to me, I may be mistaken and should reread
anything from scratch etc etc, that

   * the client.  This includes wildcard matching.  The algorithm is based on
   * RFC6125, sections 6.4.3 and 7.2, which clarifies RFC2818 and RFC3280.
   */
  static int
  fetch_ssl_hname_match(const char *h, size_t hlen, const char *m,
      size_t mlen)

and its claim

  /*
   * there must be at least two more domain labels and
   * wildcard has to be in the leftmost label (RFC6125)
   */

that can be verified is the way it works (that code uses too much
in-place string-offset calculations so I copied it out to a file
"t.c" and tried it by running):

  #?148|kent:tmp$ tcc -run t.c www.x.com www.x.com
  #?0|kent:tmp$ tcc -run t.c www.x.com www.xs.com
   ^ ? -> $? of last command
  #?1|kent:tmp$ tcc -run t.c www.x.com *.x.com
  #?0|kent:tmp$ tcc -run t.c www.com *.com
  #?1|kent:tmp$ jobs

i.e. it really imposes a two-more-domain-labels rule, which cannot be
found in the mentioned RFC 6125 (despite RFC 2595 defines
wildcard, as in Appendix B.1 of 6125)?  I think the imposed
two-more-domain-labels is libfetch specific.

(Other than that looking into causes trouble as re-verifying what
I do leads to manual entries like "considered deprecated" for
X509_NAME_get_text_by_NID, whereas libfetch is far off.  Sigh.)

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
|~~
|..and in spring, hear David Leonard sing..
|
|The black bear,          The black bear,
|blithely holds his own   holds himself at leisure
|beating it, up and down  tossing over his ups and downs with pleasure
|~~
|Farewell, dear collar bear
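
The wildcard rule discussed in the message above, as an added example that is not part of the original mail and is not libfetch's code: a simplified matcher that honours "*" only as the complete left-most label and makes the required number of labels after it a parameter. The names hname_match, count_labels and min_after are assumptions of this example; with min_after set to 2 it gives the same four results as the test runs in the mail, and with 1 it shows that only the "*.com" case depends on the label count.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Count dot-separated labels in s; an empty string has none. */
static int count_labels(const char *s)
{
    int n = (*s != '\0');

    for (; *s != '\0'; s++)
        if (*s == '.')
            n++;
    return n;
}

/*
 * Return 1 if host matches pattern, else 0 (case-insensitive).
 * min_after is a hypothetical policy knob for this example: the number of
 * labels that must follow a "*." wildcard (2 reproduces the mail's results).
 */
static int hname_match(const char *host, const char *pattern, int min_after)
{
    const char *rest, *hdot;

    if (strchr(pattern, '*') == NULL)            /* no wildcard: exact match */
        return strcasecmp(host, pattern) == 0;
    /* Accept '*' only as the complete left-most label. */
    if (strncmp(pattern, "*.", 2) != 0 || strchr(pattern + 2, '*') != NULL)
        return 0;
    rest = pattern + 2;
    if (count_labels(rest) < min_after)          /* too few labels after '*' */
        return 0;
    hdot = strchr(host, '.');                    /* '*' covers exactly one label */
    if (hdot == NULL || hdot == host)
        return 0;
    return strcasecmp(hdot + 1, rest) == 0;
}

int main(void)
{
    /* Constructed cases: the four host/pattern pairs tried in the mail. */
    const char *t[][2] = { {"www.x.com", "www.x.com"}, {"www.x.com", "www.xs.com"},
                           {"www.x.com", "*.x.com"}, {"www.com", "*.com"} };

    for (size_t i = 0; i < sizeof(t) / sizeof(t[0]); i++)
        printf("%-10s %-11s two-label rule: %d  one-label rule: %d\n",
            t[i][0], t[i][1], hname_match(t[i][0], t[i][1], 2),
            hname_match(t[i][0], t[i][1], 1));
    return 0;
}
```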