←back to thread

Getting ready to issue IP address certificates

(community.letsencrypt.org)
315 points Bogdanp | 1 comments | 25 Jun 25 16:21 UTC | HN request time: 0.208s | source
Show context
timewizard ◴[25 Jun 25 18:11 UTC] No.44380241[source]
I've personally never felt comfortable using regexes to solve production problems. The certificate code referenced here shows why:

https://github.com/mozilla-firefox/firefox/blob/d5979c2a5c2e...

Yikes.

replies(3): >>44380967 #>>44381082 #>>44381215 #
cpburns2009 ◴[25 Jun 25 19:35 UTC] No.44381082[source]
All that regex does is split an IPv6 address into groups of 4 digits, joins them with ":", and collapses any sequence of ":0000:" to "::". I don't see anything problematic with it.
replies(1): >>44381405 #
timewizard ◴[25 Jun 25 20:13 UTC] No.44381405[source]
> and collapses any sequence of ":0000:" to "::"

Which is an error. Any ip like 2001:0000:0000::1 is going to be incorrect. It willingly produces errors. Whoever wrote this didn't even spend a few seconds thinking about the structure of IPv6 addresses.

> I don't see anything problematic with it.

Other than it being completely wrong and requiring a regex to be compiled for an amount of work that's certainly less than the compilation itself.

replies(4): >>44381780 #>>44381818 #>>44381852 #>>44384570 #
1. cpburns2009 ◴[25 Jun 25 21:00 UTC] No.44381780[source]
It only operates on a 32 digit IPv6 address so it won't already be abbreviated. My phrasing was inexact. It replaces only the first sequence of any number of ":0000:" to "::".