Crypto backend breaks on IP entry in SAN #28
Reference: solderpunk/AV-98#28
Basically, when the SAN of a server's cert contains an IP address entry, AV-98 breaks when attempting to connect to the server. You can generate such a cert with a command like:
Then run a Gemini server on localhost with localhost.{key|crt}, and attempt to access it from AV-98. The error that results is "'IPv4Address' object has no attribute 'count'", which happens because AV-98's handling of SAN when using cryptography doesn't distinguish DNS entries from IP entries in the SAN.
(Note: I actually thought the issue lay in the Python stdlib ssl library since the issue was from an ssl.* function, and got halfway through filing a Python bug report before I decided to double check and realized what was actually going on.)
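The failure mode reported above, as an added example that is not AV-98's code and not part of the original post: a SAN check that treats every entry as a DNS string next to one that keeps IP and DNS entries apart. Assumptions: SAN values arrive as str for DNS entries and as ipaddress objects for IP entries (the types the error message implies); all function names and the sample SAN list are hypothetical and constructed.

```python
import ipaddress

def _dns_match(pattern, host):
    """Match one DNS SAN entry; '*' may only stand for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2 and h[0]:
        return p[1:] == h[1:]
    return p == h

def naive_match(san_values, host):
    """Treats every SAN value as a DNS string, so an IP entry raises AttributeError."""
    return any(v.count("*") <= 1 and _dns_match(v, host) for v in san_values)

def san_matches(san_values, host):
    """Compare IP entries only with IP hosts and DNS entries only with DNS hosts."""
    try:
        host_ip = ipaddress.ip_address(host)
    except ValueError:
        host_ip = None  # host is a name, not an address literal
    for value in san_values:
        if isinstance(value, (ipaddress.IPv4Address, ipaddress.IPv6Address)):
            if host_ip is not None and value == host_ip:
                return True
        elif isinstance(value, str) and host_ip is None:
            if _dns_match(value, host):
                return True
    return False

# Constructed sample: the SAN of a localhost test cert with one IP and one DNS entry.
SAMPLE_SAN = [ipaddress.ip_address("127.0.0.1"), "localhost"]

if __name__ == "__main__":
    try:
        naive_match(SAMPLE_SAN, "localhost")
    except AttributeError as exc:
        print("naive check failed:", exc)
    for target in ("localhost", "127.0.0.1", "127.0.0.2"):
        print(target, san_matches(SAMPLE_SAN, target))
```

A DNS-typed entry that merely looks like an address (the string "127.0.0.1") is deliberately not accepted for an IP host, so the entry type in the certificate decides which comparison applies.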
Thanks for this report and sorry for my slow response time! I just tried to replicate this issue but wasn't able to. Which Gemini server are you using? It's not clear to me at all why this would be server-specific, but figured I'd check...
Hmm... strange. The command in question was the command to generate the test certificate for my Big Tiddy Gemini Server. This shouldn't be server specific though, since the problem is with how AV-98 handles the cert, not with how the server sends the cert.