On 27/01/2021 21:06, Daniel Skiles wrote: > https://tools.ietf.org/html/rfc5280#section-4.2.1.6 > > RFC5280, at least, seems to suggest that SANs need not be case sensitive. > > "Note that while uppercase and lowercase letters are allowed in domain > names, no significance is attached to the case." > > There may be other implications that I have not uncovered. I am not > intimately familiar with the Tomcat internals.
I was curious why the browser was converting to lower case and wondered if there was an RFC requirement behind it but I haven't found one either. I have found several references to comparing DNS names in a case insensitive manner. I'll work on updating Tomcat. The fix won't make the February releases as they have already been tagged (unless the vote fails and we have to re-tag). It should be in the March releases. Mark > > On Wed, Jan 27, 2021 at 3:36 PM Mark Thomas <ma...@apache.org> wrote: > >> On 27/01/2021 19:42, Christopher Schultz wrote: >>> On 1/27/21 14:37, Daniel Skiles wrote: >> >> <snip/> >> >>>> Are SSLHostConfig.hostName attribute values case sensitive in Tomcat? I >>>> have looked through the documentation and it does not seem to specify >>>> either way. >>> >>> Hostnames are, by RFC[1] definition, NOT case-sensitive. Those values >>> might be case-sensitive in Tomcat, though only accidentally. >> >> Code inspection strongly suggests that is the case. >> >>> Can you confirm a few things: >>> >>> Using curl -v with HOST do you get the right cert? >>> >>> Using telnet/nc with HOST do you get the right cert? >> >> Also need to check if there are any rules / specs for hosts names in >> certs that require them to be lower case. >> >> Mark >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
