gnutls-devel

Re: [gnutls-dev] Patch to lib/x509/rfc2818_hostname.c


From: Simon Josefsson
Subject: Re: [gnutls-dev] Patch to lib/x509/rfc2818_hostname.c
Date: Fri, 16 Feb 2007 14:29:59 +0100
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.93 (gnu/linux)

"Richard W.M. Jones" <address@hidden> writes:

> Not a security problem because CAs you trust ought not to be issuing
> certificates without dnsname and common name (thanks to Tomas Mraz for
> correcting me on this).  But it still seems wrong to be returning that
> the hostname is valid if it has a missing/malformed common name.

Hi!  Thanks for the report.  I have created a self-test for this
(tests/hostname-check), to catch any regressions in this area, and
fixed the problem in CVS.

I also noticed that we currently don't support URIs with IP addresses
and CAs with iPAddress SANs in the comparison function.  I
implemented support for that.

/Simon


