Return-Path: X-Original-To: apmail-hc-dev-archive@www.apache.org Delivered-To: apmail-hc-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 65BF411491 for ; Thu, 28 Aug 2014 09:20:39 +0000 (UTC) Received: (qmail 92632 invoked by uid 500); 28 Aug 2014 09:20:33 -0000 Delivered-To: apmail-hc-dev-archive@hc.apache.org Received: (qmail 92610 invoked by uid 500); 28 Aug 2014 09:20:33 -0000 Mailing-List: contact dev-help@hc.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "HttpComponents Project" Delivered-To: mailing list dev@hc.apache.org Received: (qmail 92596 invoked by uid 99); 28 Aug 2014 09:20:33 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 28 Aug 2014 09:20:33 +0000 X-ASF-Spam-Status: No, hits=0.7 required=5.0 tests=SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: local policy) Received: from [5.148.180.21] (HELO kalnich2.nine.ch) (5.148.180.21) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 28 Aug 2014 09:20:07 +0000 Received: from [192.168.42.18] (unknown [213.55.184.195]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by kalnich2.nine.ch (Postfix) with ESMTPSA id EB8D91600AC for ; Thu, 28 Aug 2014 09:20:04 +0000 (UTC) Message-ID: <1409217604.26571.10.camel@ubuntu> Subject: [Legal] publicsuffix.org test data; was Re: CVE-2014-3577 postmortem From: Oleg Kalnichevski To: HttpComponents Project Date: Thu, 28 Aug 2014 11:20:04 +0200 In-Reply-To: <10129193-0E8A-44C9-9097-4D1AC1741029@webweaving.org> References: <7523C7C4-57DF-4788-9FE6-9EC32E1565D4@webweaving.org> <1407946481.19147.6.camel@ubuntu> <1408088529.3857.7.camel@ubuntu> <61F7BA1C-AE91-4ADE-A2BA-2B741D342E4B@webweaving.org> <1408095242.5749.4.camel@ubuntu> <7DDFAB5F-B4E1-4720-A7F0-FC63ED4C9B2D@webweaving.org> <1408103128.7084.0.camel@ubuntu> <53EDFDAE.4020106@apache.org> <1408354584.17162.5.camel@ubuntu> <6720030B-70C7-4364-AAC6-F1E37F0573D2@webweaving.org> <1408627601.28732.4.camel@ubuntu> <10129193-0E8A-44C9-9097-4D1AC1741029@webweaving.org> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.10.4-0ubuntu2 Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org On Thu, 2014-08-21 at 17:50 +0200, Dirk-Willem van Gulik wrote: > Op 21 aug. 2014, om 15:26 heeft Oleg Kalnichevski het volgende geschreven: > > > I have pretty much completely rewritten every bit of code related to > > hostname verification in SVN trunk. > > > > https://github.com/apache/httpclient/tree/268d6cc113b305addc4a31a70bd7c3b6d545e337/httpclient/src/main/java/org/apache/http/conn/ssl > > > > I would truly appreciate someone doing a peer review of the changes > > and / or giving me feedback with regards to further improvements. > > Looks good. Couple of thoughts > > - BAD_COUNTRY_2LDS, BAD_COUNTRY_WILDCARD_PATTERN > > My guess is that longer term you will get too many specials - and the end game is parsing something like https://publicsuffix.org/ and specifically > > https://publicsuffix.org/list/effective_tld_names.dat > Folks It turns out that we already have a substantial amount of code for publicsuffix.org support in our 'cookie' module. It was contributed by Ortwin 'Odi' Glueck some while ago. I would like to enhance the existing implementation and also extend its test coverage. There is a set of test scenarios distributed by Mozilla, which I would like to re-use http://mxr.mozilla.org/mozilla-central/source/netwerk/test/unit/data/test_psl.txt?raw=1 It is distributed as Creative Commons zero copyright. We can incorporate those test scenarios. Do we need to add attribution clause to our NOTICE and Zero Copyright license to our LICENSE file? What do you think? Oleg --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org For additional commands, e-mail: dev-help@hc.apache.org