)]}'
{
  "commit": "f8560614bab07ea1beea7bfb204cfa9d521d2484",
  "tree": "7efadffdfbccf9c06be3b67d654420da41d89776",
  "parents": [
    "af44ce270edf2f3f6c9e80b84f46bd6dd6f657d0"
  ],
  "author": {
    "name": "Aofei Sheng",
    "email": "aofei@aofeisheng.com",
    "time": "Mon Apr 22 17:01:29 2019 +0000"
  },
  "committer": {
    "name": "Brad Fitzpatrick",
    "email": "bradfitz@golang.org",
    "time": "Mon Apr 22 17:19:13 2019 +0000"
  },
  "message": "acme/autocert: make host of TLS certificate to be obtained always Punycode\n\nAccording to the [RFC 5280, section 4.2.1.6](https://tools.ietf.org/html/rfc5280#section-4.2.1.6):\n\n\u003e ...\n\u003e When the subjectAltName extension contains a domain name system\n\u003e label, the domain name MUST be stored in the dNSName (an IA5String).\n\u003e The name MUST be in the \"preferred name syntax\", as specified by\n\u003e Section 3.5 of [RFC1034] and as modified by Section 2.1 of\n\u003e [RFC1123].  Note that while uppercase and lowercase letters are\n\u003e allowed in domain names, no significance is attached to the case.\n\u003e ...\n\nAnd the [RFC 1034, section 3.5](https://tools.ietf.org/html/rfc1034#section-3.5):\n\n\u003e ...\n\u003e Note that while upper and lower case letters are allowed in domain\n\u003e names, no significance is attached to the case.  That is, two names with\n\u003e the same spelling but different case are to be treated as if identical.\n\u003e ...\n\nWe should return the same TLS certificate for both `example.com` and `EXAMPLE.COM`. But the `autocert.Manager.GetCertificate` treats the two as totally different, it signs and returns two different TLS certificates.\n\nMoreover, now the `autocert.Manager.GetCertificate` and the `autocert.HostWhitelist` can only handle Punycode IDN. If the client sends a Unicode IDN to `autocert.Manager.GetCertificate` (cURL is doing this), the \"Invalid character in DNS name\" error will be triggered.\n\nThis PR corrects these problems by converting the host of the TLS certificate to be obtained to Punycode via `idna.Lookup.ToASCII`.\n\nChange-Id: I993821b3a6ae532a53772e2db00524479ef111af\nGitHub-Last-Rev: 6c12694574b6ac71a920da8a8bdb130c0b6e0272\nGitHub-Pull-Request: golang/crypto#85\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/171997\nReviewed-by: Brad Fitzpatrick \u003cbradfitz@golang.org\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "a50d9bfc95853f67060c62befc579b6f30511fdc",
      "old_mode": 33188,
      "old_path": "acme/autocert/autocert.go",
      "new_id": "e562609cc7b58196b364cee1502988d5359c4355",
      "new_mode": 33188,
      "new_path": "acme/autocert/autocert.go"
    },
    {
      "type": "modify",
      "old_id": "95e12e16e984d6e13ef5d6c45137fd888323aa34",
      "old_mode": 33188,
      "old_path": "acme/autocert/autocert_test.go",
      "new_id": "91f47e5434c3d8583658e3e117f42bb7689ac907",
      "new_mode": 33188,
      "new_path": "acme/autocert/autocert_test.go"
    },
    {
      "type": "modify",
      "old_id": "d2b06cac51c07141bceac528493b19dd8f2522fb",
      "old_mode": 33188,
      "old_path": "go.mod",
      "new_id": "c4af3ec41481a7f0e453c24426bf90ddb724e4ef",
      "new_mode": 33188,
      "new_path": "go.mod"
    },
    {
      "type": "modify",
      "old_id": "be205598d22d1185033d9344e9662f941f9a3432",
      "old_mode": 33188,
      "old_path": "go.sum",
      "new_id": "44da4982500e0085d7752cf6e9962a52993e9469",
      "new_mode": 33188,
      "new_path": "go.sum"
    }
  ]
}