SNIHostName is going to throw an exception when hostname has a trailing dot #656
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
How come that a host name returned from |
|
Looks like some DNS clients support adding a trailing dot which signifies to not use a search domain when resolving a name. I'm not an expert on this, I just have a coworker who used this convention when setting some environment variables. I've tested 1.0.4 (works) and 1.0.5 (throws validation exception) with the following code: import io.r2dbc.postgresql.PostgresqlConnectionConfiguration
import io.r2dbc.postgresql.PostgresqlConnectionFactory
import io.r2dbc.postgresql.client.SSLMode
val config =
PostgresqlConnectionConfiguration.builder()
.host("database.internal.")
.port(5432)
.database("reporting")
.username("user")
.password("xxxx")
.sslMode(SSLMode.REQUIRE)
.build()
val factory = PostgresqlConnectionFactory(config)
factory.create().block()
I could also see trimming trailing dots before sending to the SNIHostName constructor as valid. That would support SNI better, I think. Unless changing hostnames at all can cause more surprising results. |
mp911de
pushed a commit
that referenced
this pull request
Oct 2, 2024
mp911de
added a commit
that referenced
this pull request
Oct 2, 2024
Reformat code. Split tests into positives and negatives. [#656]
mp911de
added a commit
that referenced
this pull request
Oct 2, 2024
Reformat code. Split tests into positives and negatives. [#656]
|
Thank you for your contribution. That's merged, polished, and backported now. |
mp911de
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
…ng dot
Make sure that:
Issue description
SSL SNI hostname with trailing dot unable to connect
New Public APIs
Additional context
Minor issue, as there is an easy workaround to disable SNI through configuration that avoids the issue entirely. The underlying library throws an error when there is a trailing dot on an SNI hostname. Looks easy enough to match that library's validation in the SSLConfig validation.