Re: [Bug-wget] Overly permissive hostname matching

[Jeffrey Walton]

On Thu, Mar 20, 2014 at 5:52 PM, Tim Rühsen <address@hidden> wrote:
> Am Mittwoch, 19. März 2014, 10:59:05 schrieb Daniel Kahn Gillmor:
>> I'm imagining a C library API that has a public suffix list context
>> object that can do efficient lookups (however we define the lookups),
>> and the library would bundle a pre-compiled context, based on the
>> currently-known public suffix list.
>>
>> something like:
>>
>> ---------------
>> struct psl_ctx;
>> typedef struct psl_ctx * psl_ctx_t;
>> const psl_ctx_t psl_builtin;
>>
>> psl_ctx_t psl_new_ctx_from_filename(const char* filename);
>> psl_ctx_t psl_new_ctx_from_fd(int fd);
>> void psl_free_ctx(psl_ctx_t ctx);
>>
>> /*
>>   query forms, very rough draft -- do we need both?
>>   need to consider memory allocation responsibilities and
>>   DNS internationalization/canonicalization issues
>> */
>>
>> const char* psl_get_public_suffix(const psl_ctx_t, const char* domain);
>> const char* psl_get_registered_domain(const psl_ctx_t, const char* d);
>> ---------------
>
> I broke out the public suffix code together and created a first go (really 
> very
> quick, distcheck fails - couldn't figure out this evening).
>
> https://github.com/rockdaboot/libpsl
>
> The first step was a psl_is_tld() function.
> There is a test case for some major things (wildcards, exceptions).
>
> I hope there will be some interest and some contributions...
Yes, I'd be interested. Especially since Angel pointed out failures in
my use of the PSL (the close-open failures are troubling to me).

I had a sidebar with one of the OpenSSL devs because OpenSSL is
cutting in hostname matching in version 1.0.2.

He shared a link to a IETF working group on the subject:
https://www.ietf.org/mailman/listinfo/dbound.

Jeff