Posted to notifications@james.apache.org by GitBox <gi...@apache.org> on 2022/11/10 13:44:27 UTC

[GitHub] [james-project] ottoka opened a new pull request, #1304: JAMES-3851 TLS host name verification should handle trailing dot

ottoka opened a new pull request, #1304:
URL: https://github.com/apache/james-project/pull/1304

   I noticed that sometimes RemoteDelivery opens a connection using a fully qualified hostname that ends with a trailing dot, like "mail.example.org." I believe James may get that from MX resolving, since afaik DNS servers may do this to indicate an absolute FQDN vs. a relative one. This is not an issue when establishing a connection, but will break TLS hostname verification, since the CN and SubjectAltNames in server certificates never use trailing dots.
   
   Consequently, RemoteDelivery should strip a trailing dot from the hostname before connecting.
   
   Note that this is the minimal fix for the verification issue; log messages related to remote delivery will still show the hostname with a trailing dot. I am not sure if this is intended behavior, i.e. to see exactly what James got from DNS resolution. Otherwise, an alternative would be to fix this early in MXHostAddressIterator. Let me know if you prefer the latter.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org
For additional commands, e-mail: notifications-help@james.apache.org
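
The mismatch described in the pull request above, as an added illustration (not code from the pull request or from James): a simplified DNS name comparison in the style of RFC 6125 rejects "mail.example.org." against a certificate name "mail.example.org" until the trailing dot is stripped. The class and method names and the sample host and SAN values are constructed for this example.

```java
import java.util.List;
import java.util.Locale;

// Added example: names and sample data are constructed, not taken from James.
public class TrailingDotHostnameCheck {

    // Normalise an absolute FQDN ("mail.example.org.") to the form used in certificates.
    static String stripTrailingDot(String host) {
        if (host != null && host.length() > 1 && host.endsWith(".")) {
            return host.substring(0, host.length() - 1);
        }
        return host;
    }

    // Simplified DNS name match: case-insensitive, wildcard only as the whole left-most label.
    static boolean matchesDnsName(String host, String pattern) {
        String h = host.toLowerCase(Locale.ROOT);
        String p = pattern.toLowerCase(Locale.ROOT);
        if (p.startsWith("*.")) {
            int firstDot = h.indexOf('.');
            // The wildcard covers exactly one label, which must not be empty.
            return firstDot > 0 && h.substring(firstDot).equals(p.substring(1));
        }
        return h.equals(p);
    }

    // True if any SubjectAltName entry matches the host name used for the connection.
    static boolean verify(String host, List<String> subjectAltNames) {
        return subjectAltNames.stream().anyMatch(san -> matchesDnsName(host, san));
    }

    public static void main(String[] args) {
        // Constructed SAN entries, as a server certificate would carry them (no trailing dot).
        List<String> sans = List.of("mail.example.org", "*.mx.example.org");
        // Constructed host names in the forms an MX lookup might hand back.
        for (String fromDns : List.of("mail.example.org.", "a.mx.example.org.", "mail.example.org")) {
            String normalised = stripTrailingDot(fromDns);
            System.out.printf("%-20s raw=%-5b stripped=%b%n",
                    fromDns, verify(fromDns, sans), verify(normalised, sans));
        }
    }
}
```

Both dotted names fail verification as received and pass once normalised; the name without a dot is unaffected by the normalisation.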


[GitHub] [james-project] ottoka merged pull request #1304: JAMES-3851 TLS host name verification should handle trailing dot

Posted by GitBox <gi...@apache.org>.
ottoka merged PR #1304:
URL: https://github.com/apache/james-project/pull/1304




[GitHub] [james-project] chibenwa commented on pull request #1304: JAMES-3851 TLS host name verification should handle trailing dot

Posted by GitBox <gi...@apache.org>.
chibenwa commented on PR #1304:
URL: https://github.com/apache/james-project/pull/1304#issuecomment-1311119420

   Looks good to me.

