curl / Mailing Lists / curl-library / Single Mail

Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

A CN-only certificate verification regression

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Tue, 8 Mar 2022 14:14:46 +0100 (CET)

Hello team,

Issue #8559 was submitted, identifying a flaw in the OpenSSL backend when
curl's verified the CN field of a certificate. It returns error ("out of
memory") for all such certficates. The fix is straight-forward and should land
shortly [#8560].

I'm just telling you this to keep the wider user base informed. I don't
consider this problem serious enough for a patch release. Public CAs don't
allow certificates with CN-only (thus avoding this bug), and according to
stats (linked to in the issue), only 1.57% of private CAs use this feature.

Of course, if you think otherwise I'm sure you'll let me know.

#8559 = https://github.com/curl/curl/issues/8559
#8560 = https://github.com/curl/curl/pull/8560

-- 
  / daniel.haxx.se
  | Commercial curl support up to 24x7 is available!
  | Private help, bug fixes, support, ports, new features
  | https://curl.se/support.html
-- 
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html

Received on 2022-03-08

This message: [ Message body ]
Next message: Daniel Stenberg via curl-library: "a little mailing list glitch"
Previous message: vin9999 via curl-library: "Re: connectimeout"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]