View Issue Details

IDProjectCategoryView StatusLast Update
0001465Main CAcert Websitemy accountpublic2019-08-23 17:02
Reporter. Assigned ToTed  
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionduplicate 
PlatformMain CAcert WebsiteOSN/AOS Versionstable
Summary0001465: domain validation: filter out at least private network IP addresses before trying to validate domain/whatever.
DescriptionThe domain validation routine does no filtering before making an attempt to validate.
At the very least the private range IP-addresses (192.168.?.?, 10.?.?.?, 172.?.?.? etcetera) should be filtered out and an error returned to the user before starting validation.
There is no reason to bother IANA with attempts to validate what we do not even allow to be validated.

Do we even want to issue certificates for ip-addresses? If not it should be even easier to filter these out anything that looks line an IPv4 or IPv6 address.
Reviewed by
Test Instructions


duplicate of 0001451 new mail addresses 



2019-08-23 17:02

administrator   ~0005824

This is a duplicate of case 0001451, we'll continue to handle the subject there.

And, yes, IMHO we should not issue certificates to IP addresses at all...

Issue History

Date Modified Username Field Change
2019-08-11 09:02 . New Issue
2019-08-11 09:02 . Tag Attached: domain
2019-08-23 17:00 Ted Relationship added duplicate of 0001451
2019-08-23 17:02 Ted Assigned To => Ted
2019-08-23 17:02 Ted Status new => closed
2019-08-23 17:02 Ted Resolution open => duplicate
2019-08-23 17:02 Ted Note Added: 0005824