[gnutls-dev] Patch to lib/x509/rfc2818_hostname.c

Richard W.M. Jones rjones at redhat.com
Fri Feb 16 12:12:53 CET 2007


Not a security problem because CAs you trust ought not to be issuing 
certificates without dnsname and common name (thanks to Tomas Mraz for 
correcting me on this).  But it still seems wrong to be returning that 
the hostname is valid if it has missing/malformed common name.

Rich.

-- 
Emerging Technologies, Red Hat  http://et.redhat.com/~rjones/
64 Baker Street, London, W1U 7DF     Mobile: +44 7866 314 421
  "[Negative numbers] darken the very whole doctrines of the equations
  and make dark of the things which are in their nature excessively
  obvious and simple" (Francis Maseres FRS, mathematician, 1759)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rfc2818_hostname.c.patch
Type: text/x-patch
Size: 286 bytes
Desc: not available
Url : /pipermail/attachments/20070216/4eb33189/attachment.bin 


More information about the Gnutls-dev mailing list