[
https://issues.jboss.org/browse/WFWIP-102?page=com.atlassian.jira.plugin....
]
Jan Stourac commented on WFWIP-102:
-----------------------------------
This is not an issue anymore with the new implementation as a property based attribute
{{host-context-map}}. Dots don't have to be escaped anymore and an asterisk can be used
without a preceding dot character.
Although asterisk is required to be escaped now. Is it something that can be easily
changed somehow [~dlofthouse]? What I am talking about is e.g.:
{code}
/subsystem=elytron/server-ssl-sni-context=serverSslSniCtx:write-attribute(name=host-context-map,value={www.example.com=exampleSslCtxName,
"\\*.example.com"=asteriskExampleSslCtxName})
{code}
Without the asterisk being escaped, the previous command still works, although during the reload
operation the following error occurs:
{code}
08:41:50,543 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread)
WFLYCTL0013: Operation ("add") failed - address: ([
("subsystem" => "elytron"),
("server-ssl-sni-context" => "serverSslSniCtx")
]) - failure description: {"WFLYCTL0080: Failed services" =>
{"org.wildfly.security.ssl-context.serverSslSniCtx" => "Failed to start
service
Caused by: java.util.regex.PatternSyntaxException: Dangling meta character '*'
near index 0
*.example.com
^"}}
{code}
If it's not feasible to change, let's just document it or check that it is
properly documented.
SNI - hostname notation for sni-mapping element does not conform generic rules
------------------------------------------------------------------------------
Key: WFWIP-102
URL: https://issues.jboss.org/browse/WFWIP-102
Project: WildFly WIP
Issue Type: Bug
Environment: Wildfly build with undertow and wildfly-core modules build from following sources:
* https://github.com/stuartwdouglas/undertow/tree/sni
* https://github.com/stuartwdouglas/wildfly-core/tree/sni
Reporter: Jan Stourac
Assignee: Darran Lofthouse
Priority: Major
The way of configuring the {{sni-mapping}} element in {{server-ssl-sni-context}} is not nice
from a UX point of view and also does not conform to the way it is generally used.
With the current implementation the administrator has to use the following notation:
{code}
.*\.example\.com
{code}
This is standard reg-exp notation and is not easy to read. I think the following notation
is much better and is also commonly used for these cases:
{code}
*.example.com
{code}
In other words - a simple asterisk is used to match any subdomain and the dot in our case does
not stand for 'any single character'. Note that this is the way it was described in the
[analysis document|https://github.com/wildfly/wildfly-proposals/pull/67/files#diff-...].
The truth is that with this change we lose some flexibility, e.g. the administrator won't be
able to configure the following:
{code}
www\.exa.ple\.com
{code}
But I doubt this is a common use case. WDYT?
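The difference between the two notations discussed in this issue, as an added example that is not part of the issue and is not WildFly or Elytron code: it reproduces the `PatternSyntaxException` for a raw wildcard, shows that an unescaped dot in a host regex accepts other names, and translates the wildcard form into an anchored pattern. The class `SniHostPatternDemo` and the helper `fromWildcard` are hypothetical, and treating `*` as exactly one leading DNS label is an assumption of this example.

```java
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

public class SniHostPatternDemo {

    // Hypothetical helper: turn "*.example.com" wildcard notation into an
    // anchored regex. Literal text is quoted, so '.' only ever matches a dot.
    // Assumption: '*' is allowed only as the whole first label and stands for
    // exactly one label (no dots inside it).
    static Pattern fromWildcard(String host) {
        if (host.isEmpty() || host.indexOf('*', 1) >= 0
                || (host.startsWith("*") && !host.startsWith("*."))) {
            throw new IllegalArgumentException("unsupported host pattern: " + host);
        }
        if (host.startsWith("*.")) {
            return Pattern.compile("[^.]+" + Pattern.quote(host.substring(1)),
                    Pattern.CASE_INSENSITIVE);
        }
        return Pattern.compile(Pattern.quote(host), Pattern.CASE_INSENSITIVE);
    }

    public static void main(String[] args) {
        // 1. The raw wildcard is not a valid regex; this is the failure seen
        //    in the reload log when the asterisk is left unescaped.
        try {
            Pattern.compile("*.example.com");
        } catch (PatternSyntaxException e) {
            System.out.println("raw wildcard rejected: " + e.getDescription());
        }

        // 2. A host regex with unescaped dots compiles, but each '.' accepts
        //    any character, so names other than the intended one also match.
        Pattern unescaped = Pattern.compile("www.example.com");
        System.out.println("wwwXexample.com vs unescaped regex: "
                + unescaped.matcher("wwwXexample.com").matches());

        // 3. The translated wildcard, checked against constructed SNI names.
        Pattern translated = fromWildcard("*.example.com");
        String[] sniNames = {"www.example.com", "example.com",
                             "www.exampleXcom", "a.b.example.com"};
        for (String sni : sniNames) {
            System.out.println(sni + " vs *.example.com: "
                    + translated.matcher(sni).matches());
        }
    }
}
```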