haskell-tls / hs-certificate

Certificate and Key Reader/Writer in Haskell

Support server name validation using IP Address #113

Open akshaymankar opened 5 years ago

akshaymankar commented 5 years ago

Fixes #90

This PR uses foundation for parsing the IP address from the hostname. The parser can overflow without any errors, which may be seen as a vulnerability. I have opened another PR (haskell-foundation/foundation#524) to fix it.

I would've written the parser here using ReadP, but parsing IPv6 was getting very involved so I decided to use foundation.

akshaymankar commented 5 years ago

haskell-foundation/foundation#524 is merged, but unfortunately there was a bug in it. The ipv4parser was not safe and it returns an error if things which don't look like an IPv4 address are passed to it. I have fixed it in haskell-foundation/foundation#526. This time I also used the code in this repository to make sure things were fine. The tests are passing, so I think the fix should be good.
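
The two parser properties discussed in the comments above (no silent overflow, and a clean failure on input that is not an IPv4 address), sketched with `ReadP` from `base` as an added example; this is not the PR's code or foundation's parser. The names `octet`, `ipv4` and `parseIPv4` are hypothetical, the sample inputs are constructed, and leading zeros are accepted as an assumption.

```haskell
module Main (main) where

import Data.Char (isDigit)
import Data.Word (Word8)
import Text.ParserCombinators.ReadP

-- One decimal octet. The value is range-checked as an Integer *before*
-- it is narrowed to Word8, because fromInteger on Word8 reduces modulo
-- 256 and would otherwise turn an out-of-range octet into a valid one.
octet :: ReadP Word8
octet = do
  ds <- munch1 isDigit
  let n = read ds :: Integer
  -- The length check runs first, so very long digit runs are rejected
  -- without ever being converted.
  if length ds <= 3 && n <= 255
    then return (fromInteger n)
    else pfail

-- Exactly four octets separated by dots, with nothing left over.
ipv4 :: ReadP [Word8]
ipv4 = do
  a <- octet
  rest <- count 3 (char '.' *> octet)
  eof
  return (a : rest)

-- Total function: anything that is not a dotted quad yields Nothing
-- instead of raising an error, so the caller can fall back to treating
-- the server name as a DNS name.
parseIPv4 :: String -> Maybe [Word8]
parseIPv4 s = case readP_to_S ipv4 s of
  [(r, "")] -> Just r
  _         -> Nothing

main :: IO ()
main = mapM_ report samples
  where
    report s = putStrLn (s ++ " -> " ++ show (parseIPv4 s))
    -- Constructed inputs: one valid address, two overflowing octets,
    -- a DNS name, and a truncated address.
    samples =
      [ "192.0.2.1", "192.0.2.256", "192.0.2.4294967297"
      , "example.com", "192.0.2" ]
```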

akshaymankar commented 5 years ago

This is now ready to be merged 😄