On Fri, May 16, 2014 at 12:17:33AM +0100, Jeremy Harris wrote:

> Created an attachment (id=728)
> --> (http://bugs.exim.org/attachment.cgi?id=728)
> prototype patch

You SHOULD NOT join all the altName values with newlines, and then split that to recover the altnames. Hostile certificates might contain embedded newlines in the subjectAltName. I doubt that all CAs check this (just like they allowed embedded NULs in the subject name or altName). ASN.1 strings can contain NUL octets, and are not C strings. This implementation leaves the potential problem unchecked.

Later, for DANE, you'll need to allow multiple names any one of which might match the peer certificate. You also should probably support wildcards "*.example.com". See http://www.postfix.org/postconf.5.html#smtp_tls_secure_cert_match

So this feature probably should support multiple names from the outset. Especially because some MX hosts have certificates that match the next-hop domain (LHS of MX lookup), and others the MX hostname or something else entirely.

-- 
Viktor.
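
A sketch of the handling the message above argues for, added here as an example and not taken from Exim or from the prototype patch: each altName stays a length-delimited value, entries with embedded NUL or newline bytes are rejected, and any of several acceptable names (with `*.` wildcards) may match. The `struct altname` type and all function names are hypothetical, and the decoded altName bytes are assumed to come from the TLS library.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* One dNSName entry as decoded from the certificate: bytes plus explicit
   length, because an ASN.1 string is not NUL-terminated (hypothetical type). */
struct altname { const unsigned char *data; size_t len; };

/* Accept only bytes valid in a hostname or wildcard pattern; this rejects
   embedded NUL, newline and every other control or separator byte. */
static int altname_is_clean(const struct altname *a)
{
    if (a->len == 0 || a->len > 253) return 0;
    for (size_t i = 0; i < a->len; i++) {
        unsigned char c = a->data[i];
        if (!(isalnum(c) || c == '-' || c == '.' || c == '*')) return 0;
    }
    return 1;
}

/* Case-insensitive match of one clean altname against one reference name.
   A leading "*." matches exactly one leftmost label ("*.example.com"). */
static int altname_matches(const struct altname *a, const char *ref)
{
    size_t rlen = strlen(ref);
    if (a->len > 2 && a->data[0] == '*' && a->data[1] == '.') {
        const char *dot = strchr(ref, '.');
        if (dot == NULL || dot == ref) return 0;
        if (memchr(a->data + 1, '*', a->len - 1)) return 0; /* one '*' only */
        return strlen(dot) == a->len - 1 &&
               strncasecmp((const char *)a->data + 1, dot, a->len - 1) == 0;
    }
    if (memchr(a->data, '*', a->len)) return 0; /* '*' only as first label */
    return a->len == rlen && strncasecmp((const char *)a->data, ref, rlen) == 0;
}

/* Returns 1 if any clean altname matches any of the acceptable names. */
int cert_names_match(const struct altname *alts, size_t nalts,
                     const char **refs, size_t nrefs)
{
    for (size_t i = 0; i < nalts; i++) {
        if (!altname_is_clean(&alts[i])) continue; /* skip hostile entries */
        for (size_t j = 0; j < nrefs; j++)
            if (altname_matches(&alts[i], refs[j])) return 1;
    }
    return 0;
}
```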
