hc-dev mailing list archives

From Oleg Kalnichevski <ol...@apache.org>
Subject [Legal] publicsuffix.org test data; was Re: CVE-2014-3577 postmortem
Date Thu, 28 Aug 2014 09:20:04 GMT
On Thu, 2014-08-21 at 17:50 +0200, Dirk-Willem van Gulik wrote:
> On 21 Aug 2014, at 15:26, Oleg Kalnichevski <olegk@apache.org> wrote:
> 
> > I have pretty much completely rewritten every bit of code related to
> > hostname verification in SVN trunk. 
> > 
> > https://github.com/apache/httpclient/tree/268d6cc113b305addc4a31a70bd7c3b6d545e337/httpclient/src/main/java/org/apache/http/conn/ssl
> > 
> > I would truly appreciate someone doing a peer review of the changes
> > and / or giving me feedback with regards to further improvements.
> 
> Looks good. Couple of thoughts
> 
> - BAD_COUNTRY_2LDS, BAD_COUNTRY_WILDCARD_PATTERN 
> 
> My guess is that longer term you will get too many specials - and the end game is parsing something like https://publicsuffix.org/ and specifically
> 
> 	https://publicsuffix.org/list/effective_tld_names.dat  
> 

Folks

It turns out that we already have a substantial amount of code for
publicsuffix.org support in our 'cookie' module. It was contributed by
Ortwin 'Odi' Glueck some while ago.

I would like to enhance the existing implementation and also extend its
test coverage. 

There is a set of test scenarios distributed by Mozilla, which I would
like to re-use   

http://mxr.mozilla.org/mozilla-central/source/netwerk/test/unit/data/test_psl.txt?raw=1

It is distributed as Creative Commons zero copyright. We can incorporate
those test scenarios. Do we need to add an attribution clause to our NOTICE
and the Zero Copyright license to our LICENSE file?

What do you think?

Oleg

