View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0001465||Main CAcert Website||my account||public||2019-08-11 09:02||2019-08-11 09:02|
|Priority||normal||Severity||minor||Reproducibility||have not tried|
|Platform||Main CAcert Website||OS||N/A||OS Version||stable|
|Target Version||Fixed in Version|
|Summary||0001465: domain validation: filter out at least private network IP addresses before trying to validate domain/whatever.|
|Description||The domain validation routine does no filtering before making an attempt to validate.|
At the very least the private range IP-addresses (192.168.?.?, 10.?.?.?, 172.?.?.? etcetera) should be filtered out and an error returned to the user before starting validation.
There is no reason to bother IANA with attempts to validate what we do not even allow to be validated.
Do we even want to issue certificates for IP addresses? If not, it should be even easier to filter out anything that looks like an IPv4 or IPv6 address.
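
A sketch of the pre-validation filter requested above, as an added example that is not CAcert code. The function names, reason codes and the `allow_public_ip` policy switch are hypothetical (the issue leaves open whether IP addresses should be certifiable at all), and the private ranges are the ones Python's `ipaddress` module knows (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, plus loopback, link-local and similar).

```python
import ipaddress
import re

def parse_ip_literal(value):
    """Return an address object if value is an IPv4/IPv6 literal, else None."""
    candidate = value.strip().rstrip(".")        # tolerate a trailing root dot
    if candidate.startswith("[") and candidate.endswith("]"):
        candidate = candidate[1:-1]              # bracketed IPv6, e.g. [::1]
    candidate = candidate.split("%", 1)[0]       # drop an IPv6 zone id
    try:
        ip = ipaddress.ip_address(candidate)
    except ValueError:
        return None
    # ::ffff:192.168.0.1 must be judged as the IPv4 address it wraps.
    return getattr(ip, "ipv4_mapped", None) or ip

def prefilter(value, allow_public_ip=False):
    """Decide, before any validation attempt, whether to proceed.

    Returns (ok, reason). allow_public_ip is a hypothetical policy switch.
    """
    ip = parse_ip_literal(value)
    if ip is not None:
        if not ip.is_global or ip.is_multicast:
            return False, "non-public-ip"        # private, loopback, link-local...
        if not allow_public_ip:
            return False, "ip-literal-not-allowed"
        return True, "ok"
    # Digits and dots only but not a valid address ("192.168.1"): still IP-like.
    if re.fullmatch(r"[0-9.]+", value.strip()):
        return False, "malformed-ip-like"
    return True, "ok"                            # hand over to domain validation

# Constructed sample inputs, not taken from any real request log.
CONSTRUCTED_INPUTS = [
    "example.org", "192.168.1.10", "10.0.0.1", "172.16.5.4",
    "[::1]", "fe80::1%eth0", "::ffff:192.168.0.1", "192.168.1", "8.8.8.8",
]

if __name__ == "__main__":
    for item in CONSTRUCTED_INPUTS:
        print(f"{item:22} -> {prefilter(item)}")
```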