Why do you perform domain validation on IP addresses?

async-rs / async-tls

A TLS implementation over AsyncRead and AsyncWrite

https://async.rs

Apache License 2.0

165 stars 47 forks source link

Why do you perform domain validation on IP addresses? #15

Open d-e-s-o opened 4 years ago

d-e-s-o commented 4 years ago

See above. When I try to connect to an IP address I get a complaint about an invalid domain. Other TLS crates seem fine with an IP to connect to. Why is this check in place for IP addresses?

Demi-Marie commented 4 years ago

This is a missing feature in WebPKI.

sachanganesh commented 4 years ago

Just to clarify, is there any work-around to the domain validation? I want to test against a local tls server, but I'm encountering the "invalid domain" error with little additional context.

If someone could provide a solution to the error, a work-around, or resources for further reading that would be greatly appreciated.

Thanks in advance!

Demi-Marie commented 4 years ago

The only workarounds are:

Implement it oneself with a custom certificate verifier.
Implement it oneself and get it upstreamed to WebPKI.
Pay Brian Smith to add support for it to WebPKI.