curl / Mailing Lists / curl-library / Single Mail

curl-library

libcurl not verifying proxy url against IP address present in subject alternate name

From: Hemant Kumar via curl-library <curl-library_at_cool.haxx.se>
Date: Wed, 29 Nov 2017 00:42:44 +0530

Hi All,

I am using pycurl (python wrapper of libcurl) to connect to a remote
server(HTTPS) via a proxy(HTTPS).
While establishing SSL connection with the proxy, the certificate shared by
proxy has both CN and SAN entries as below -

Subject: C=IN, ST=KA, L=BGL, O=xxxx, OU=x, *CN=host.cust1.com
<http://host.cust1.com>*/emailAddress=email@domain.com

X509v3 Subject Alternative Name:
DNS:host.cust1.com, *DNS:172.73.74.75*,
DNS:securepr.cust1.com <http://secureprofile.cust1.com>

In my code when I use proxy's FQDN(host.cust1.com) as the proxy URL to
access then the ssl verification works fine but when I try using the
IP Address I get below error -

"SSL: no alternative certificate subject name matches target host name
'172.73.74.75'"

Should not libcurl verify the proxy URL against all the subject alternate
names present in the received certificate or am I missing something here?

Software versions used - PycURL/7.43.0 libcurl/7.56.1

Regards,

Hemant

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2017-11-29

This message: [ Message body ]
Next message: Daniel Stenberg: "[RELEASE] curl 7.57.0"
Previous message: Dawson, Patrick: "AW: Problem/Crash with libCurl Daily Snapshot and Option CURLSHOPT_SHARE and Parameter CURL_LOCK_DATA_CONNECT"
Next in thread: Ray Satiro via curl-library: "Re: libcurl not verifying proxy url against IP address present in subject alternate name"
Reply: Ray Satiro via curl-library: "Re: libcurl not verifying proxy url against IP address present in subject alternate name"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]