Connecting to URLs like https://[2606:4700:4700::1111]/ fails due to the hostname verification (SNI). This library passes the host() returned by the URI package here, but the value returned for this URL is [2606:4700:4700::1111]/.
This fails TLS hostname verification because not only do the brackets have to be removed, but the IPv6 literal also has to observe specific rules regarding zero compression and suppression. spec
In this case the correct name to pass to the TLS library would be 2606:4700:4700:0:0:0:0:1111.
seanmonstar
commented
4 years ago
Connecting to URLs like
https://[2606:4700:4700::1111]/fails due to the hostname verification (SNI). This library passes thehost()returned by the URI package here, but the value returned for this URL is[2606:4700:4700::1111]/.This fails TLS hostname verification because not only do the brackets have to be removed, but the IPv6 literal also has to observe specific rules regarding zero compression and suppression. spec
In this case the correct name to pass to the TLS library would be
2606:4700:4700:0:0:0:0:1111.