(community.letsencrypt.org)

314 points Bogdanp | 1 comments | 25 Jun 25 16:21 UTC | HN request time: 0s | source

Show context

timewizard ◴[25 Jun 25 18:11 UTC] No.44380241[source]▶

I've personally never felt comfortable using regexes to solve production problems. The certificate code referenced here shows why:

https://github.com/mozilla-firefox/firefox/blob/d5979c2a5c2e...

Yikes.

replies(3): >>44380967 #>>44381082 #>>44381215 #

cpburns2009 ◴[25 Jun 25 19:35 UTC] No.44381082[source]▶

>>44380241 #

All that regex does is split an IPv6 address into groups of 4 digits, joins them with ":", and collapses any sequence of ":0000:" to "::". I don't see anything problematic with it.

replies(1): >>44381405 #

timewizard ◴[25 Jun 25 20:13 UTC] No.44381405[source]▶

>>44381082 #

> and collapses any sequence of ":0000:" to "::"

Which is an error. Any ip like 2001:0000:0000::1 is going to be incorrect. It willingly produces errors. Whoever wrote this didn't even spend a few seconds thinking about the structure of IPv6 addresses.

> I don't see anything problematic with it.

Other than it being completely wrong and requiring a regex to be compiled for an amount of work that's certainly less than the compilation itself.

replies(4): >>44381780 #>>44381818 #>>44381852 #>>44384570 #

1. ephou7 ◴[25 Jun 25 21:08 UTC] No.44381852[source]▶

>>44381405 #

> Other than it being completely wrong and requiring a regex to be compiled for an amount of work that's certainly less than the compilation itself.

It's not. And the sequence you describe is not even parsed because colons are not part of the IPv6 extension of the SAN. PLease educate yourself before spilling such drivel.

↑

Getting ready to issue IP address certificates