At least one popular service puts a hostname which contains a ":"
in the Common Name field. On the other hand, I don't know of any name
constrained certificates that only work if we ignore such CNs.
Updates #24151
Change-Id: I2d813e3e522ebd65ab5ea5cd83390467a869eea3
Reviewed-on: https://go-review.googlesource.com/134076
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
(cherry picked from commit
03c703697f321f66d28d6223457622c5879ba37f)
Reviewed-on: https://go-review.googlesource.com/134078
Reviewed-by: Andrew Bonventre <andybons@golang.org>
if c == '-' && j != 0 {
continue
}
- if c == '_' {
- // _ is not a valid character in hostnames, but it's commonly
+ if c == '_' || c == ':' {
+ // Not valid characters in hostnames, but commonly
// found in deployments outside the WebPKI.
continue
}
{"foo.*.example.com", false},
{"exa_mple.com", true},
{"foo,bar", false},
+ {"project-dev:us-central1:main", true},
}
for _, tt := range tests {
if got := validHostname(tt.host); got != tt.want {