Don't treat known TLDs in UPPERCASE as unknown

amazon-archives / certlint

X.509 certificate linter

Apache License 2.0

157 stars 42 forks source link

Don't treat known TLDs in UPPERCASE as unknown #2

Closed robstradling closed 8 years ago

robstradling commented 8 years ago

Example: https://crt.sh/?id=12118779&opt=cablint

guidolotito commented 8 years ago

Related to this: some certs are flagged with this error: "ERROR: commonNames in BR certificates must be from SAN entries" if the CN and SAN fail a case-sensitive comparison. But if the comparison was made in a case-insensitive manner, they would match.

RFC 1034 says "By convention, domain names can be stored with arbitrary case, but domain name comparisons for all present domain functions are done in a case-insensitive manner"

guidolotito commented 8 years ago

An example of a cert flagged with "ERROR: commonNames in BR certificates must be from SAN entries" is https://crt.sh/test/?id=12130062.