[gnutls-dev] Patch to lib/x509/rfc2818_hostname.c
Simon Josefsson
simon at josefsson.org
Fri Feb 16 14:29:59 CET 2007
"Richard W.M. Jones" <rjones at redhat.com> writes:
> Not a security problem because CAs you trust ought not to be issuing
> certificates without dnsname and common name (thanks to Tomas Mraz for
> correcting me on this). But it still seems wrong to be returning that
> the hostname is valid if it has missing/malformed common name.
Hi! Thanks for the report. I have created a self-test for this
(tests/hostname-check), to catch any regressions in this area, and
fixed the problem in CVS.
I also noticed that we currently don't support URIs with IP addresses
and CAs with iPAddress SANs in the comparison function. I
implemented support for that.
/Simon