cURL / Mailing Lists / curl-library / Single Mail


Re: [PATCH] GnuTLS: Work around failure to check certs against IP addresses

From: Daniel Stenberg <>
Date: Mon, 14 Jul 2014 20:08:25 +0200 (CEST)

On Sat, 12 Jul 2014, David Woodhouse wrote:

> Before GnuTLS 3.3.6, the gnutls_x509_crt_check_hostname() function didn't
> actually check IP addresses in SubjectAltName, even though it was explicitly
> documented as doing so. So do it ourselves...

Ugh. Thanks for this patch!

I only have one little concern here and that would be those old legacy systems
without IPv6 support. I'll work in a little #ifdef into this before I push.

List admin:
Received on 2014-07-14