---------- Forwarded message ----------
Date: Fri, 6 Aug 2021 13:14:32
From: Thorsten Glaser <[email protected]>
To: [email protected]
Subject: [Lynx-dev] bug in SSL certificate validation

Hi,

this affects both OpenSSL and Debian's nonGNUtls builds:

lynx https://user:pass@host/

… will lead to…

SSL error:host(user:pass@host)!=cert(CN<mainhost>:SAN<DNS=host>:SAN<DNS=otherhost>

… for OpenSSL lynx and…

SSL error:host(user:pass@host)!=cert(CN<mainhost>)-Continue? (n)

… for nonGNUtls lynx. Obviously, user:pass@ needs to be stripped
before comparing.

The nonGNUtls version could also be changed to display the
subjectAltNames the certificate has like the OpenSSL one does
(after my patch from ages ago; no, I'm not going to code for
nonGNUtls).

bye,
//mirabilos
-- 
Last night my IRC network exploded. I hadn't counted on that,
which is why I'm smeared with blood… who could have guessed
that THEY would react like that? Last night my IRC network
exploded~~~
(as of 2021-06-15 The MirOS Project temporarily reconvenes on OFTC)
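
The check the report asks for, as an added C example that is not Lynx's code and not part of the original message: the host is cut out of the URL authority (userinfo and port removed) before it is compared with the certificate names. The names `authority_host`, `authority_matches_cert` and `SAMPLE_NAMES` are hypothetical; the input is assumed to be the authority component only, and matching is exact (no wildcard handling).

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Constructed sample: the placeholder CN/SAN names from the report. */
static const char *const SAMPLE_NAMES[] = { "mainhost", "host", "otherhost" };

/* Case-insensitive equality for ASCII host names. */
static int eq_nocase(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;                          /* both must end together */
}

/* Hypothetical helper: copy the host out of "user:pass@host:port".
 * Returns 0 on success, -1 if the host is empty, malformed or too long. */
int authority_host(const char *authority, char *out, size_t outlen)
{
    const char *at = strrchr(authority, '@'); /* userinfo ends at the last '@' */
    const char *host = at ? at + 1 : authority;
    const char *end;
    size_t n;
    if (*host == '[') {                       /* IPv6 literal, e.g. [::1]:443 */
        end = strchr(++host, ']');
        if (end == NULL) return -1;
    } else {
        end = host + strcspn(host, ":");      /* drop an optional :port */
    }
    n = (size_t)(end - host);
    if (n == 0 || n >= outlen) return -1;
    memcpy(out, host, n);
    out[n] = '\0';
    return 0;
}

/* 1 if the stripped host equals one of the certificate names, else 0. */
int authority_matches_cert(const char *authority,
                           const char *const *names, size_t count)
{
    char host[256];
    size_t i;
    if (authority_host(authority, host, sizeof host) != 0)
        return 0;
    for (i = 0; i < count; i++)
        if (eq_nocase(host, names[i]))
            return 1;
    return 0;
}
```
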

