You are viewing a plain text version of this content. The canonical link for it is here.

Posted to github@trafficserver.apache.org by "jpeach (via GitHub)" <gi...@apache.org> on 2023/06/03 01:52:53 UTC

[GitHub] [trafficserver] jpeach commented on pull request #9767: Filter SNI based on port

jpeach commented on PR #9767:
URL: https://github.com/apache/trafficserver/pull/9767#issuecomment-1574547100

   
   > Oh that relies on pcre? I didn't know it. Then it doesn't need to be completely removed, but as #9736 explains, using many pcre has negative impact in performance. And current pattern matching is not quite right. If you have `fqdn: *.example.com`, it actually matches `foo.bar.example.com.evil.com`, which sounds scary although I don't think of any bad ways to use the bug.
   
   IIRC this is explicitly forbidden by the RFC. I implemented this in the very first version of SNI support, and then reverted it for that reason.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@trafficserver.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org