cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: [PATCH] GnuTLS: Work around failure to check certs against IP addresses

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 14 Jul 2014 20:08:25 +0200 (CEST)

On Sat, 12 Jul 2014, David Woodhouse wrote:

> Before GnuTLS 3.3.6, the gnutls_x509_crt_check_hostname() function didn't
> actually check IP addresses in SubjectAltName, even though it was explicitly
> documented as doing so. So do it ourselves...

Ugh. Thanks for this patch!

I only have one little concern here and that would be those old legacy systems
without IPv6 support. I'll work in a little #ifdef into this before I push.

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Received on 2014-07-14

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: Fix deadlock patch in "FLUSH" cookie and more"
Previous message: Daniel Stenberg: "Re: getpwuid_r on Solaris and _POSIX_PTHREAD_SEMANTICS"
In reply to: David Woodhouse: "[PATCH] GnuTLS: Work around failure to check certs against IP addresses"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]