[sr #107619] Check hostname of certificate failed with two subdomains in hostname
Sebastien Helleu
INVALID.NOREPLY at gnu.org
Tue Mar 8 13:23:24 CET 2011
URL:
<http://savannah.gnu.org/support/?107619>
Summary: Check hostname of certificate failed with two
subdomains in hostname
Project: GnuTLS
Submitted by: flashcode
Submitted on: Tue 08 Mar 2011 01:23:23 PM CET
Category: None
Priority: 5 - Normal
Severity: 3 - Normal
Status: None
Privacy: Public
Assigned to: None
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Operating System: GNU/Linux
_______________________________________________________
Details:
Hi,
I'm WeeChat developer, an irc client, which uses gnutls to connect to irc
servers.
When I connect to freenode using SSL, I receive this certificate:
subject `OU=Domain Control Validated,OU=Gandi Standard Wildcard
SSL,CN=*.freenode.net', issuer `C=FR,O=GANDI SAS,CN=Gandi Standard SSL CA',
RSA key ...
I call function "gnutls_x509_crt_check_hostname (cert, hostname)" to check
hostname with certificate.
If I connect to chat.freenode.net, the hostname check is ok (*.freenode.net
matches chat.freenode.net).
But if I connect to ipv6.chat.freenode.net, the hostname check failed because
*.freenode.net does NOT match ipv6.chat.freenode.net (according to RFC2818 you
are using in your function).
My question are:
* is it a problem in freenode certificate?
* is it ok to use rfc2818 in gnutls to check certificate hostname? shouldn't
*.freenode.net match ipv6.chat.freenode.net ?
Last info, I'm using gnutls 2.10.5 (under debian sid).
Thank you for your help.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/support/?107619>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
More information about the Gnutls-devel
mailing list