You are viewing a plain text version of this content. The canonical link for it is here.

Posted to server-dev@james.apache.org by "Karsten Otto (Jira)" <se...@james.apache.org> on 2022/11/10 13:28:00 UTC

[jira] [Created] (JAMES-3851) TLS host name verification should handle trailing dot

Karsten Otto created JAMES-3851:
-----------------------------------

             Summary: TLS host name verification should handle trailing dot
                 Key: JAMES-3851
                 URL: https://issues.apache.org/jira/browse/JAMES-3851
             Project: James Server
          Issue Type: Bug
          Components: Remote Delivery
    Affects Versions: master
            Reporter: Karsten Otto


I noticed that sometimes RemoteDelivery opens a connection using a fully qualified hostname that ends with a trailing dot, like "mail.example.org." I believe James may get that from MX resolving, since afaik DNS servers may do this to indicate an absolute FQDN vs. a relative one. This is not an issue when establishing a connection, but will break TLS hostname verification, since the CN and SubjectAltNames in server certificates never use trailing dots.

Consequently, RemoteDelivery should strip a trailing dot from the hostname before connecting.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org