pgjdbc / r2dbc-postgresql

Postgresql R2DBC Driver
https://r2dbc.io
Apache License 2.0
1.01k stars 177 forks

SNIHostName is going to throw an exception when hostname has a trailing dot #656

Closed seanmcnealy closed 13 hours ago

seanmcnealy commented 3 months ago

…ng dot

Make sure that:

Issue description

SSL SNI hostname with trailing dot unable to connect

New Public APIs

Additional context

Minor issue, as there is an easy workaround to disable SNI through configuration that avoids the issue entirely. The underlying library throws an error when there is a trailing dot on an SNI hostname. Looks easy enough to match that library's validation in the SSLConfig validation.

mp911de commented 3 months ago

How come that a host name returned from InetSocketAddress ends with a dot?

seanmcnealy commented 3 months ago

Looks like some DNS clients support adding a trailing dot which signifies to not use a search domain when resolving a name. I'm not an expert on this, I just have a coworker who used this convention when setting some environment variables.

I've tested 1.0.4 (works) and 1.0.5 (throws validation exception) with the following code:


import io.r2dbc.postgresql.PostgresqlConnectionConfiguration
import io.r2dbc.postgresql.PostgresqlConnectionFactory
import io.r2dbc.postgresql.client.SSLMode

val config =
    PostgresqlConnectionConfiguration.builder()
        .host("database.internal.")
        .port(5432)
        .database("reporting")
        .username("user")
        .password("xxxx")
        .sslMode(SSLMode.REQUIRE)
        .build()
val factory = PostgresqlConnectionFactory(config)

factory.create().block()

I could also see trimming trailing dots before sending to the SNIHostName constructor as valid. That would support SNI better, I think. Unless changing hostnames at all can cause more surprising results.

mp911de commented 13 hours ago

Thank you for your contribution. That's merged, polished, and backported now.
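The trimming idea raised in the thread, as an added example that is not part of the thread and not the driver's merged change: it shows `javax.net.ssl.SNIHostName` rejecting a trailing-dot name and a helper that strips the dot, or omits SNI, before setting `SSLParameters`. The class name `SniTrailingDot`, the helper `sniNameFor` and the sample hosts are assumptions made for illustration; certificate hostname verification is a separate check and is not changed by this code.

```java
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLParameters;
import java.util.List;
import java.util.Optional;

public class SniTrailingDot {

    // Hypothetical helper: derive the SNI name for a configured host,
    // or return empty when no server_name extension should be sent.
    static Optional<SNIHostName> sniNameFor(String host) {
        if (host == null || host.isEmpty()) {
            return Optional.empty();
        }
        // RFC 6066: literal IP addresses are not permitted in the SNI extension.
        if (host.indexOf(':') >= 0 || host.matches("\\d{1,3}(\\.\\d{1,3}){3}")) {
            return Optional.empty();
        }
        // "database.internal." is an absolute DNS name; SNI carries it without the final dot.
        String candidate = host.endsWith(".") ? host.substring(0, host.length() - 1) : host;
        try {
            return Optional.of(new SNIHostName(candidate));
        } catch (IllegalArgumentException e) {
            // Still not a valid SNI name (empty, bad IDN, ...): connect without SNI instead of failing.
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        // Constructed sample hosts; the second one is the form used in the report above.
        String[] hosts = {"database.internal", "database.internal.", "10.0.0.5", "."};
        for (String host : hosts) {
            try {
                new SNIHostName(host);
                System.out.println(host + " -> raw constructor accepts");
            } catch (IllegalArgumentException e) {
                System.out.println(host + " -> raw constructor rejects: " + e.getMessage());
            }
            SSLParameters params = new SSLParameters();
            sniNameFor(host).ifPresent(n -> params.setServerNames(List.<SNIServerName>of(n)));
            System.out.println("    server names set: " + params.getServerNames());
        }
    }
}
```

Run it with `java SniTrailingDot.java` on Java 11 or later.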