[jboss-jira] [JBoss JIRA] (WFWIP-102) SNI - hostname notation for sni-mapping element does not conform generic rules

Jan Stourac (Jira) issues at jboss.org
Tue Jan 29 02:45:03 EST 2019


    [ https://issues.jboss.org/browse/WFWIP-102?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13688467#comment-13688467 ] 

Jan Stourac commented on WFWIP-102:
-----------------------------------

This is not an issue anymore with the new implementation as a property-based attribute {{host-context-map}}. Dots don't have to be escaped anymore and the asterisk can be used without a preceding dot character.

Although the asterisk is required to be escaped now. Is it something that can be easily changed somehow [~dlofthouse]? What I am talking about is e.g.:
{code}
/subsystem=elytron/server-ssl-sni-context=serverSslSniCtx:write-attribute(name=host-context-map,value={www.example.com=exampleSslCtxName, "\\*.example.com"=asteriskExampleSslCtxName})
{code}
Without the asterisk being escaped, the previous command still works, although during the reload operation the following error occurs:
{code}
08:41:50,543 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
    ("subsystem" => "elytron"),
    ("server-ssl-sni-context" => "serverSslSniCtx")
]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.serverSslSniCtx" => "Failed to start service
    Caused by: java.util.regex.PatternSyntaxException: Dangling meta character '*' near index 0
*.example.com
^"}}
{code}
If it's not feasible to change, let's just document it or check that it is properly documented.

> SNI - hostname notation for sni-mapping element does not conform generic rules
> ------------------------------------------------------------------------------
>
>                 Key: WFWIP-102
>                 URL: https://issues.jboss.org/browse/WFWIP-102
>             Project: WildFly WIP
>          Issue Type: Bug
>         Environment: Wildfly build with undertow and wildfly-core modules build from following sources:
> * https://github.com/stuartwdouglas/undertow/tree/sni
> * https://github.com/stuartwdouglas/wildfly-core/tree/sni
>            Reporter: Jan Stourac
>            Assignee: Darran Lofthouse
>            Priority: Major
>
> The way of configuring the {{sni-mapping}} element in {{server-ssl-sni-context}} is not nice from a UX perspective and also does not conform to the way it is generally used.
> With the current implementation the administrator has to use the following notation:
> {code}
> .*\.example\.com
> {code}
> This is standard reg-exp notation and is not easy to read. I think the following notation is much better and is also commonly used for these cases:
> {code}
> *.example.com
> {code}
> In other words - a simple asterisk is used to match any subdomain and the dot in our case does not stand for 'any single character'. Note that this is the way it was described in the [analysis document|https://github.com/wildfly/wildfly-proposals/pull/67/files#diff-1034d0e71917578a57f62abf7205a43dR49].
> The truth is that with this change we lose some flexibility, e.g. the administrator won't be able to configure the following:
> {code}
> www\.exa.ple\.com
> {code}
> But I doubt this is a common use case. WDYT?



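As an added illustration (not code from the issue, WildFly or Elytron), the following Java uses plain java.util.regex to show why the unescaped key from the log fails to compile, and how the regex and wildcard notations discussed above differ in what they match. The helper `wildcardToPattern`, the class name and the sample host names are hypothetical.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

public class SniHostPatternDemo {

    // Hypothetical helper (not WildFly/Elytron code): only '*' is special,
    // every other character, including '.', is matched literally.
    static Pattern wildcardToPattern(String host) {
        StringBuilder regex = new StringBuilder();
        String[] parts = host.split("\\*", -1);
        for (int i = 0; i < parts.length; i++) {
            if (i > 0) {
                regex.append(".*"); // same meaning as in the issue's .*\.example\.com
            }
            if (!parts[i].isEmpty()) {
                regex.append(Pattern.quote(parts[i]));
            }
        }
        return Pattern.compile(regex.toString(), Pattern.CASE_INSENSITIVE);
    }

    public static void main(String[] args) {
        // The unescaped key compiled directly as a regex fails, as in the log.
        try {
            Pattern.compile("*.example.com");
        } catch (PatternSyntaxException e) {
            System.out.println("*.example.com as regex: " + e.getDescription());
        }

        Map<String, Pattern> patterns = new LinkedHashMap<>();
        patterns.put("regex    .*\\.example\\.com", Pattern.compile(".*\\.example\\.com"));
        patterns.put("regex    www\\.exa.ple\\.com", Pattern.compile("www\\.exa.ple\\.com"));
        patterns.put("regex    www.example.com", Pattern.compile("www.example.com"));
        patterns.put("wildcard *.example.com", wildcardToPattern("*.example.com"));
        patterns.put("wildcard www.example.com", wildcardToPattern("www.example.com"));

        // Constructed sample host names, not taken from the issue.
        String[] hosts = {"www.example.com", "a.b.example.com", "www.exa-ple.com", "wwwXexample.com"};
        for (Map.Entry<String, Pattern> p : patterns.entrySet()) {
            for (String host : hosts) {
                boolean hit = p.getValue().matcher(host).matches();
                System.out.printf("%-28s %-18s %s%n", p.getKey(), host, hit ? "match" : "-");
            }
        }
    }
}
```

The `regex    www.example.com` rows show the caveat with raw regex keys: an unescaped dot also matches other characters, so a host name that is not the intended one can select that SSL context.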