bug: The SNI match should be case-insensitive #5047

Closed
tokers opened this issue Sep 13, 2021 · 1 comment · Fixed by #5074
Labels
bug Something isn't working

Comments

tokers commented Sep 13, 2021

Issue description

Quoted from RFC 6066:

"HostName" contains the fully qualified DNS hostname of the server,
as understood by the client. The hostname is represented as a byte
string using ASCII encoding without a trailing dot. This allows the
support of internationalized domain names through the use of A-labels
defined in [RFC5890]. DNS hostnames are case-insensitive. The
algorithm to compare hostnames is described in [RFC5890], Section
2.3.2.4.

The SNI should be case-insensitive. However, if the snis field in the SSL object contains some uppercase letters, APISIX doesn't convert them into lowercase; as a result, when the SNI sent from the client is all in lowercase, the SNI matching will fail and the SSL handshake will be aborted.

PS: apisix-dashboard sniffs the snis from the SAN and CN fields of the certificate; it doesn't convert them into lowercase either.

Environment

  • apisix version (cmd: apisix version): master
  • OS (cmd: uname -a): N/A
  • OpenResty / Nginx version (cmd: nginx -V or openresty -V): N/A
  • etcd version, if have (cmd: run curl http://127.0.0.1:9090/v1/server_info to get the info from server-info API):
  • apisix-dashboard version, if have: N/A
  • luarocks version, if the issue is about installation (cmd: luarocks --version): N/A

Steps to reproduce

N/A

Actual result

N/A

Error log

N/A

Expected result

No response

leslie-tsang commented Sep 13, 2021

> The SNI should be case-insensitive. However, if the snis field in the SSL object contains some uppercase letters, APISIX doesn't convert them into lowercase; as a result, when the SNI sent from the client is all in lowercase, the SNI matching will fail and the SSL handshake will be aborted.

Can't agree more; string.lower seems to be a feasible method.

spacewander added the bug label Sep 14, 2021
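The mismatch described in this issue and the lowercase normalization suggested in the reply, as an added example that is not APISIX source code. The table layout, function names and host names are hypothetical, and it lowercases ASCII letters explicitly rather than calling string.lower so the result does not depend on the process locale.

```lua
-- Added example, not APISIX code. Names and data layout are assumptions.

-- Lowercase ASCII letters only. SNI host names are ASCII (A-labels, RFC 6066),
-- so this avoids the locale dependence of string.lower.
local function ascii_lower(s)
    return (s:gsub("[A-Z]", function(c)
        return string.char(c:byte() + 32)
    end))
end

-- Build a lookup index from SSL objects, normalizing each configured SNI once.
local function build_sni_index(ssl_objects)
    local index = {}
    for _, ssl in ipairs(ssl_objects) do
        for _, sni in ipairs(ssl.snis) do
            index[ascii_lower(sni)] = ssl
        end
    end
    return index
end

-- Match the SNI from the ClientHello. It is normalized as well, because a
-- client may send the name in any letter case.
local function match_sni(index, client_sni)
    if type(client_sni) ~= "string" or client_sni == "" then
        return nil
    end
    return index[ascii_lower(client_sni)]
end

-- Constructed sample: snis copied verbatim from a certificate SAN, mixed case.
local ssl_objects = {
    { id = "1", snis = { "API.Example.COM", "Shop.example.com" } },
}

-- Case-sensitive lookup, the behaviour reported here: no match for lowercase.
local naive = {}
for _, ssl in ipairs(ssl_objects) do
    for _, sni in ipairs(ssl.snis) do naive[sni] = ssl end
end
assert(naive["api.example.com"] == nil)

-- Normalized lookup: stored and presented names are both folded to lowercase.
local index = build_sni_index(ssl_objects)
assert(match_sni(index, "api.example.com").id == "1")
assert(match_sni(index, "SHOP.EXAMPLE.COM").id == "1")
assert(match_sni(index, "other.example.com") == nil)
print("ok")
```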