
Strip trailing dot from FQDNs in Host and TLS context #7601

martin-sucha (Contributor)
Before this patch, the TLS verification fails with an exception if the client uses a fully-qualified domain name with a trailing dot, like https://github.com./ :

```console
aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host github.com.:443 ssl:True
[SSLCertVerificationError: (1, "[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch,
certificate is not valid for 'github.com.'. (_ssl.c:1051)")]
```

The reason is that TLS certificates do not contain the trailing dot, as per RFC 6066:

> "HostName" contains the fully qualified DNS hostname of the server,
> as understood by the client. The hostname is represented as a byte
> string using ASCII encoding without a trailing dot.

This change makes aiohttp strip the trailing dot for TLS context and Host header, where trailing dots are not present.
For DNS resolution, we include the trailing dot as it signifies a fully-qualified domain name (FQDN).
DNS lookups of FQDNs are faster as the resolver does not need to check DNS search path, like for relative DNS names.

This effectively allows clients to connect to a server if the URL has a dot at the end of the hostname, e.g. `https://example.com./`.

Fixes #3636
PR #7364

Co-authored-by: Sviatoslav Sydorenko [email protected]
(cherry picked from commit d84fcf7)

What do these changes do?

Backport #7364 into 3.9

Are there changes in behavior for the user?

Related issue number

Checklist

  • I think the code is well written
  • Unit tests for the changes exist
  • Documentation reflects the changes
  • If you provide code modification, please add yourself to CONTRIBUTORS.txt
    • The format is <Name> <Surname>.
    • Please keep alphabetical order, the file is sorted by names.
  • Add a new news fragment into the CHANGES folder
    • name it <issue_id>.<type> for example (588.bugfix)
    • if you don't have an issue_id change it to the pr id after creating the pr
    • ensure type is one of the following:
      • .feature: Signifying a new feature.
      • .bugfix: Signifying a bug fix.
      • .doc: Signifying a documentation improvement.
      • .removal: Signifying a deprecation or removal of public API.
      • .misc: A ticket has been closed, but it is not of interest to users.
    • Make sure to use full sentences with correct case and punctuation, for example: "Fix issue with non-ascii contents in doctest text files."
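The rule the PR describes has three outputs for one URL host: the name handed to the resolver (trailing dot kept, so the lookup is absolute and skips the search path), the name used for TLS SNI and certificate matching (no trailing dot, per RFC 6066), and the Host header value (no trailing dot). The following is an added example, not aiohttp's own implementation, written against the Python standard library only; `DEFAULT_PORTS`, `connection_names`, `san_matches` and the single-dot strip rule are choices of this example. `san_matches` is a simplified stand-in for the library's RFC 6125 matching and exists only to show why the unstripped name fails verification.

```python
# Added example (not aiohttp's code): derive the three hostname forms a client
# needs when the URL host carries a trailing dot.
import ipaddress
import socket
import ssl
from dataclasses import dataclass
from urllib.parse import urlsplit

# Assumed default ports for the schemes this example understands.
DEFAULT_PORTS = {"http": 80, "https": 443, "ws": 80, "wss": 443}


@dataclass(frozen=True)
class ConnectionNames:
    dns_name: str         # passed to the resolver; trailing dot kept (absolute name)
    server_hostname: str  # TLS SNI / certificate match name; no trailing dot
    host_header: str      # HTTP Host header value; no trailing dot


def is_ip_literal(host: str) -> bool:
    """True for IPv4/IPv6 literals, which carry no DNS semantics to strip."""
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True


def strip_trailing_dot(name: str) -> str:
    """Remove the single trailing dot that marks an absolute DNS name.

    Only one dot is meaningful; "example.com.." is not a valid name and is
    rejected rather than silently repaired (assumption of this example).
    """
    stripped = name[:-1] if name.endswith(".") else name
    if not stripped or stripped.endswith("."):
        raise ValueError(f"invalid DNS name: {name!r}")
    return stripped


def connection_names(url: str) -> ConnectionNames:
    """Split a URL host into resolver name, TLS name and Host header value."""
    parts = urlsplit(url)
    host = parts.hostname  # lowercased; IPv6 brackets already removed
    if not host:
        raise ValueError(f"URL has no host: {url!r}")
    port = parts.port
    default_port = DEFAULT_PORTS.get(parts.scheme)

    if is_ip_literal(host):
        # Nothing to strip; IPv6 literals are re-bracketed for the Host header.
        dns_name = server_hostname = host
        header_host = f"[{host}]" if ":" in host else host
    else:
        dns_name = host                              # "github.com." stays absolute
        server_hostname = strip_trailing_dot(host)   # "github.com" for SNI/cert
        header_host = server_hostname

    # The Host header carries the port only when it is not the scheme default.
    if port is not None and port != default_port:
        host_header = f"{header_host}:{port}"
    else:
        host_header = header_host
    return ConnectionNames(dns_name, server_hostname, host_header)


def san_matches(san_dns_name: str, hostname: str) -> bool:
    """Simplified RFC 6125 matching as a TLS library applies it: label-wise,
    case-insensitive, one leftmost wildcard label, and no normalisation of a
    trailing dot. "github.com." therefore never matches a SAN of "github.com"."""
    san = san_dns_name.lower().split(".")
    name = hostname.lower().split(".")
    if len(san) != len(name):
        return False
    if san[0] == "*":
        return san[1:] == name[1:]
    return san == name


def open_tls_connection(url: str, timeout: float = 10.0) -> ssl.SSLSocket:
    """Resolve with the absolute name, verify the certificate against the
    stripped name. Needs network access, so it is not exercised by the tests."""
    names = connection_names(url)
    parts = urlsplit(url)
    port = parts.port or DEFAULT_PORTS[parts.scheme]
    ctx = ssl.create_default_context()
    sock = socket.create_connection((names.dns_name, port), timeout=timeout)
    return ctx.wrap_socket(sock, server_hostname=names.server_hostname)


if __name__ == "__main__":
    print(connection_names("https://github.com./"))
    print(san_matches("github.com", "github.com."), san_matches("github.com", "github.com"))
```

`connection_names("https://github.com./")` yields `dns_name="github.com."`, `server_hostname="github.com"` and `host_header="github.com"`, which is exactly the split the patch makes; the `san_matches` calls show the pre-patch failure (`False`) beside the post-patch success (`True`).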

psf-chronographer bot added the label bot:chronographer:provided (There is a change note present in this PR) on Sep 12, 2023

codecov bot commented Sep 12, 2023

Codecov Report

Merging #7601 (54971a2) into 3.9 (2ac5bbc) will decrease coverage by 0.01%.
Report is 9 commits behind head on 3.9.
The diff coverage is 98.82%.

```diff
@@            Coverage Diff             @@
##              3.9    #7601      +/-   ##
==========================================
- Coverage   97.30%   97.30%   -0.01%     
==========================================
  Files         107      107              
  Lines       31679    31715      +36     
  Branches     3669     3684      +15     
==========================================
+ Hits        30824    30859      +35     
  Misses        651      651              
- Partials      204      205       +1     
```
| Flag | Coverage Δ | |
|---|---|---|
| CI-GHA | 97.22% <88.23%> (-0.03%) | ⬇️ |
| OS-Linux | 96.90% <88.23%> (-0.03%) | ⬇️ |
| OS-Windows | 94.40% <77.33%> (-0.06%) | ⬇️ |
| OS-macOS | 96.54% <75.29%> (-0.07%) | ⬇️ |
| Py-3.10.11 | 94.31% <77.33%> (-0.05%) | ⬇️ |
| Py-3.10.12 | ? | |
| Py-3.10.13 | 96.75% <75.29%> (?) | |
| Py-3.11.4 | ? | |
| Py-3.11.5 | 96.46% <77.64%> (?) | |
| Py-3.8.10 | 94.28% <77.33%> (-0.06%) | ⬇️ |
| Py-3.8.17 | ? | |
| Py-3.8.18 | 96.68% <75.29%> (?) | |
| Py-3.9.13 | 94.29% <77.33%> (-0.06%) | ⬇️ |
| Py-3.9.17 | ? | |
| Py-3.9.18 | 96.72% <75.29%> (?) | |
| Py-pypy7.3.11 | 96.24% <75.29%> (-0.07%) | ⬇️ |
| VM-macos | 96.54% <75.29%> (-0.07%) | ⬇️ |
| VM-ubuntu | 96.90% <88.23%> (-0.03%) | ⬇️ |
| VM-windows | 94.40% <77.33%> (-0.06%) | ⬇️ |

Flags with carried forward coverage won't be shown.

| Files Changed | Coverage Δ | |
|---|---|---|
| tests/conftest.py | 91.50% <ø> (ø) | |
| aiohttp/client_reqrep.py | 97.68% <91.66%> (-0.17%) | ⬇️ |
| aiohttp/client.py | 94.90% <100.00%> (+0.02%) | ⬆️ |
| aiohttp/client_ws.py | 92.41% <100.00%> (+0.10%) | ⬆️ |
| aiohttp/connector.py | 92.56% <100.00%> (+0.02%) | ⬆️ |
| aiohttp/cookiejar.py | 98.83% <100.00%> (ø) | |
| aiohttp/helpers.py | 95.12% <100.00%> (+0.01%) | ⬆️ |
| aiohttp/web_ws.py | 93.12% <100.00%> (+0.06%) | ⬆️ |
| tests/test_client_request.py | 99.61% <100.00%> (+<0.01%) | ⬆️ |
| tests/test_client_response.py | 99.12% <100.00%> (-0.03%) | ⬇️ |
| ... and 4 more | | |


@Dreamsorcerer Dreamsorcerer merged commit c9e4d02 into aio-libs:3.9 Sep 30, 2023