[gnutls-dev] Patch to lib/x509/rfc2818_hostname.c
simon at josefsson.org
Fri Feb 16 14:29:59 CET 2007
"Richard W.M. Jones" <rjones at redhat.com> writes:
> Not a security problem because CAs you trust ought not to be issuing
> certificates without dnsname and common name (thanks to Tomas Mraz for
> correcting me on this). But it still seems wrong to be returning that
> the hostname is valid if it has missing/malformed common name.
Hi! Thanks for the report. I have created a self-test for this
(tests/hostname-check), to catch any regressions in this area, and
fixed the problem in CVS.
I also noticed that we currently don't support URIs with IP addresses
and CA's with iPAddress SAN's in the comparison function. I
implemented support for that.
More information about the Gnutls-devel