TLSA cert validation · Issue #257 · dnsjava/dnsjava · GitHub
TLSA cert validation #257
Closed
@andrew-boutin

Description

Some rdata for TLSA records, specifically cert values, are allowed that I believe should be rejected per https://datatracker.ietf.org/doc/html/rfc6698#section-2.1.

  • Missing cert.
  • Non-hex char "D6FCE13243AA7-". This contains a '-' that should be rejected. "D6FCE13243AAZ" was rejected correctly which contains 'Z'.
  • Too long. I'm not quite sure what the max should be, but I was able to create the record using over 10k As in a row.
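
A strict check covering the three cases reported above, as an added example that is not part of the original issue and is not dnsjava code. The class and method names are hypothetical, and the length bounds are assumptions drawn from the RFC 6698 matching types (1 = SHA-256, 32 bytes; 2 = SHA-512, 64 bytes) and the 65535-octet RDATA limit. For other matching types this sketch enforces only the RDATA limit.

```java
// Added example, not dnsjava code: strict validation of the TLSA certificate
// association data field in presentation format (RFC 6698 section 2.1).
public class TlsaAssociationDataCheck {
    // RDATA holds at most 65535 octets; usage, selector and matching type take one each.
    static final int MAX_BYTES = 65535 - 3;

    // Returns the decoded bytes, or throws IllegalArgumentException with the reason.
    static byte[] parse(int matchingType, String... hexTokens) {
        String hex = String.join("", hexTokens); // the hex string may be split by whitespace
        if (hex.isEmpty()) throw new IllegalArgumentException("missing association data");
        if (hex.length() > 2 * MAX_BYTES) throw new IllegalArgumentException("exceeds RDATA size limit");
        for (int i = 0; i < hex.length(); i++) {
            char c = hex.charAt(i);
            // ASCII-only test: Character.digit alone would also accept non-ASCII digits.
            boolean ok = (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F');
            if (!ok) throw new IllegalArgumentException("non-hex character at offset " + i);
        }
        if (hex.length() % 2 != 0) throw new IllegalArgumentException("odd number of hex digits");
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < hex.length(); i++) {
            int nibble = Character.digit(hex.charAt(i), 16);
            out[i / 2] |= (i % 2 == 0) ? (nibble << 4) : nibble;
        }
        // Digest matching types have a fixed length; type 0 (full data) is bounded only by RDATA size.
        int expected = matchingType == 1 ? 32 : matchingType == 2 ? 64 : -1;
        if (expected >= 0 && out.length != expected)
            throw new IllegalArgumentException("matching type " + matchingType + " needs " + expected + " bytes, got " + out.length);
        return out;
    }

    public static void main(String[] args) {
        // Constructed samples: the first four mirror the cases in the issue, the last is well-formed.
        String[] samples = { "", "D6FCE13243AA7-", "D6FCE13243AAZ", "A".repeat(10002), "ab".repeat(32) };
        for (String s : samples) {
            String shown = s.length() > 16 ? s.substring(0, 16) + "...(" + s.length() + " chars)" : s;
            try {
                System.out.println("accept \"" + shown + "\" -> " + parse(1, s).length + " bytes");
            } catch (IllegalArgumentException e) {
                System.out.println("reject \"" + shown + "\": " + e.getMessage());
            }
        }
    }
}
```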