SubjectAlternativeNameBuilder.AddDnsName throws ArgumentException #102201
Comments
Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
According to RFC 1034, ending in a hyphen is invalid.
The |
First, this exception only happens when the ICU Globalization API is used (as I now discovered). This works fine with NLS, which means that it works fine with old versions of .NET. This shouldn't be the case regardless of whether this is a valid DNS name. Second, hostnames seem to not have this restriction on ending with hyphen. And such hostnames can easily be accidentally created due to truncation to 15 characters. We ran into this issue in practice on a Windows EC2 machine where our code tried to generate a certificate with the hostname as an alternate name. This used to work in older versions of .NET. Lastly, there seems to be some confusion with |
Description
Calling SubjectAlternativeNameBuilder.AddDnsName() with a name that ends with - results in an ArgumentException although it's a perfectly valid DNS name. This is caused by IdnMapping mistakenly treating such names as IDNs.
Note that Uri.CheckHostName("EC2-12-456-789-") returns Dns as the name type.
Reproduction Steps
Expected behavior
Adds the given DNS name to the SubjectAlternateName
Actual behavior
Throws ArgumentException
Regression?
No response
Known Workarounds
No response
Configuration
No response
Other information
No response
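An added example, not code from the issue or the project: a pre-flight check that flags hostname labels starting or ending in a hyphen before they reach AddDnsName, and wraps the call so certificate generation reports the rejected name instead of failing on an unhandled ArgumentException. The helper names and the second sample name are assumptions; whether AddDnsName throws depends on the globalization backend, as described in the comments above.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;

static class SanPreflight
{
    // Hypothetical helper: returns labels that cannot satisfy the RFC 1034
    // preferred name syntax because they are empty, longer than 63 characters,
    // or start or end with a hyphen.
    public static List<string> FindSuspectLabels(string dnsName)
    {
        var suspect = new List<string>();
        foreach (string label in dnsName.TrimEnd('.').Split('.'))
        {
            if (label.Length == 0 || label.Length > 63 ||
                label.StartsWith('-') || label.EndsWith('-'))
            {
                suspect.Add(label);
            }
        }
        return suspect;
    }

    // Hypothetical helper: wraps AddDnsName so a rejected name is reported
    // to the caller instead of aborting certificate generation.
    public static bool TryAddDnsName(SubjectAlternativeNameBuilder builder,
                                     string dnsName, out string error)
    {
        try { builder.AddDnsName(dnsName); error = string.Empty; return true; }
        catch (ArgumentException ex) { error = ex.Message; return false; }
    }

    static void Main()
    {
        // "EC2-12-456-789-" is the name from the issue; the second name is a
        // constructed control value.
        foreach (string name in new[] { "EC2-12-456-789-", "ec2-12-456-789.example.internal" })
        {
            var builder = new SubjectAlternativeNameBuilder();
            bool added = TryAddDnsName(builder, name, out string error);
            Console.WriteLine($"{name}: Uri.CheckHostName={Uri.CheckHostName(name)}, " +
                $"suspect labels=[{string.Join(",", FindSuspectLabels(name))}], " +
                $"AddDnsName {(added ? "ok" : "threw: " + error)}");
        }
    }
}
```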