[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [gnutls-dev] Patch to lib/x509/rfc2818_hostname.c
From: |
Simon Josefsson |
Subject: |
Re: [gnutls-dev] Patch to lib/x509/rfc2818_hostname.c |
Date: |
Fri, 16 Feb 2007 14:29:59 +0100 |
User-agent: |
Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.93 (gnu/linux) |
"Richard W.M. Jones" <address@hidden> writes:
> Not a security problem because CAs you trust ought not to be issuing
> certificates without dnsname and common name (thanks to Tomas Mraz for
> correcting me on this). But it still seems wrong to be returning that
> the hostname is valid if it has missing/malformed common name.
Hi! Thanks for the report. I have created a self-test for this
(tests/hostname-check), to catch any regressions in this area, and
fixed the problem in CVS.
I also noticed that we currently don't support URIs with IP addresses
and CA's with iPAddress SAN's in the comparison function. I
implemented support for that.
/Simon