What version of gRPC are you using?

1.10.0

What did you expect to see?

Background: I'm using mutual TLS with a LAN client that presents an IPv6 link-local address as an IP SAN in its X509 certificate.

I expected to call OkHttpChannelBuilder.overrideAuthority("FE80::FABB:BFFF:FE01:3A52") to allow hostname verification to pass.

Instead, this call yields an IllegalArgumentException("No host in authority"). If I instead represent the authority as "[FE80::FABB:BFFF:FE01:3A52]", OkHostnameVerifier's VERIFY_AS_IP_ADDRESS regex does not match the address (correctly, I believe, as the square brackets are just a URL disambiguation detail and not part of the hostname), and so the verify mechanism ignores the IP SAN entries.

If you agree this behavior should be changed I'm happy to submit a PR. Perhaps we'd modify GrpcUtil#checkAuthority to strip square brackets from a validated hostname?

Message Sequence Charts (Click to expand)

With OkHttpChannelBuilder.overrideAuthority("FE80::FABB:BFFF:FE01:3A52"):

With OkHttpChannelBuilder.overrideAuthority("[FE80::FABB:BFFF:FE01:3A52]"):