[Freeipa-devel] [PATCH 0070] Normalization check only for IDNA domains
Jan Cholasta
jcholast at redhat.com
Fri Jun 27 08:27:48 UTC 2014
On 27.6.2014 10:15, Alexander Bokovoy wrote:
> On Fri, 20 Jun 2014, Martin Basti wrote:
>> On Fri, 2014-06-20 at 10:32 +0200, Jan Cholasta wrote:
>>> On 18.6.2014 16:49, Martin Basti wrote:
>>> > Due to compability with older versions, only IDNA domains should be
>>> > checked
>>> > Patch attached.
>>>
>>> I'm not particularly happy about the u'\xdf' special case. Isn't there a
>>> better way to do this check?
>> I cant find better way. u'\xdf' is mapped to ss, and ss is not IDN
>> string.
>>
>> Or just remove this validation.
>>
>>> (BTW I really think this should be a warning, not an error, but that
>>> would require larger amount of work, so I guess it's OK for now.)
>> (More pain than gain)
> Main thing in this patch is that the check should not be done against
> non-IDN strings. I want this version of the patch to go in for that
> reason as currently you cannot even complete ipa-adtrust-install run due
> to IDN normalisation check being applied to non-IDN domains.
On non-IDN domains, the only effect of IDN normalization is that it
lower-cases the names (right?), so the check should compare lower-cased
original name with the normalized name, instead of special-casing
certain characters etc.
--
Jan Cholasta
More information about the Freeipa-devel
mailing list