Nov. 14, 2018
12:59 p.m.
On Wed, 14 Nov 2018, Dmitry Belyavsky wrote:
> OpenSSL team does not want to link OpenSSL with, say, libidn (and to implement IDN conversion inside the library for domains). I've found out that 2-3 functions inherited from RFC 3492 will fit all the purposes necessary to implement RFC 8399.
Wait -- surely you know that you can't just punycode any old UTF-8 and expect it to work.

I can understand why openssl wouldn't want all of libidn2 but at least you need to check that the strings are all valid IDNA2008 code points. If you don't, you're going to have hard-to-find bugs with names that look the same but aren't normalized so comparisons will fail.

Regards,
John Levine, john.levine@standcore.com
Standcore LLC
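
The comparison failure described in the message above, as an added example that is not part of the original thread and is not OpenSSL code: raw RFC 3492 Punycode turns two names that render identically into different A-labels unless the input is checked first. The function names and sample names are hypothetical, and the NFC test covers only the normalization requirement of IDNA2008, not the full code point validity rules.

```python
import unicodedata


def raw_a_label(label: str) -> str:
    """RFC 3492 Punycode plus the "xn--" prefix, with no IDNA checks at all."""
    if label.isascii():
        return label.lower()
    return "xn--" + label.encode("punycode").decode("ascii")


def naive_to_ascii(name: str) -> str:
    """Convert every label blindly, the way a bare Punycode encoder would."""
    return ".".join(raw_a_label(label) for label in name.split("."))


def checked_to_ascii(name: str) -> str:
    """Refuse labels that are not in NFC before encoding them.

    Assumption: this is only one of the IDNA2008 requirements; a full
    implementation also validates every code point against the IDNA2008 rules.
    """
    for label in name.split("."):
        if unicodedata.normalize("NFC", label) != label:
            raise ValueError(f"label {label!r} is not NFC-normalized")
    return naive_to_ascii(name)


# Constructed sample names: both display as "café.example".
COMPOSED = "caf\u00e9.example"     # U+00E9, precomposed e-acute
DECOMPOSED = "cafe\u0301.example"  # "e" followed by U+0301 combining acute

if __name__ == "__main__":
    # Same rendering, different A-labels, so a byte comparison of the
    # encoded names fails even though a human sees the same hostname.
    print(naive_to_ascii(COMPOSED))
    print(naive_to_ascii(DECOMPOSED))
    try:
        checked_to_ascii(DECOMPOSED)
    except ValueError as err:
        print("rejected:", err)
```
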