Domain names ending with dot – SSL error

Issue #5307263 • Assigned to Rob T.

Details

Created
Nov 3, 2015
Privacy
This issue is public.
Reports
Reported by 1 person

Sign in to watch or report this issue.

Steps to reproduce

URL:

Repro Steps:

Go to https://  y a n d e x .ru . (remove spaces)
Certificate error.

Expected Results:

No error with certificate. Fully qualified domain names are part of spec.

Actual Results:

Dev Channel specific:

Yes

Attachments

0 attachments

    Comments and activity

    • Microsoft Edge Team

      Changed Assigned To to “Sermet I.”

      Changed Assigned To to “Venkat K.”

      Changed Assigned To from “Venkat K.” to “Rajat J.”

      Changed Assigned To from “Rajat J.” to “IE S.”

      Changed Status to “Not reproducible”

      Changed Assigned To from “IE S.” to “Rajat J.”

      Changed Status from “Not reproducible”

      Changed Assigned To from “Rajat J.” to “Rob T.”

    • Manual copy of comments from https://connect.microsoft.com/IE/Feedback/Details/1558284

      When performing subject name validation, SChannel (and thus IE and .NET) will reject as a mismatch a certificate containing a SubjectCN of “example.com” if the user attempts to access the site using the equivalent hostname with the trailing dot "example.com."; generally, this seems innocuous but notably both Firefox and Chrome accept this as a “match” and thus this could be considered an interoperability issue.

      https://tools.ietf.org/html/rfc6125#section-6.4.1 seems like the relevant section of the RFC.

      The maintainer of curl notes that its behavior also matches Chrome/Firefox.

    • Microsoft Edge Team

      Changed Steps to Reproduce

      Changed Assigned To from “Rob T.” to “James M.”

      Changed Assigned To from “James M.” to “Rob T.”

    You need to sign in to your Microsoft account to add a comment.

    Sign in