Jennifer-first created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1711
## Description of problem:
During testing of GnuTLS certificate verification, we observed that gnutls-cli 
accepts a server certificate whose Common Name (CN) does not match the hostname 
of the server it connects to (localhost). This may allow a Man-in-the-Middle 
(MitM) attack if hostname verification is improperly implemented or 
omitted.

Attachment: [deepseek.py](/uploads/932d7a897a12f310fb2e45e8be4d59f0/deepseek.py)

## Version of gnutls used:
gnutls 3.7.3

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL):
Ubuntu

## How reproducible:

Steps to Reproduce:

1. `python3 deepseek.py`

## Actual results:
The connection succeeds and the certificate is accepted, even though the Common 
Name does not match the hostname. This behavior may indicate that hostname 
verification is either missing or not enabled by default.
![image](/uploads/f0bc9d81c4a82db00bc1d51846424854/image.png)

## Expected results:
GnuTLS should reject the certificate because the CN in the server certificate 
(WrongServer) does not match the target hostname (localhost).

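The report above concerns a certificate whose CN does not match the connected hostname. As an added example (not code from the issue or from GnuTLS), the function below implements RFC 6125 hostname matching over already-parsed certificate fields, so the mismatch case from the report can be checked offline: the certificate is a constructed dict with `subject_cn` and `san` keys, and any subjectAltName present takes precedence over the CN.

```python
"""RFC 6125-style hostname matching over parsed certificate fields (added example)."""
import ipaddress


def _dns_pattern_matches(pattern: str, hostname: str) -> bool:
    """Match one dNSName pattern against a hostname: case-insensitive, and a
    wildcard is honoured only as the whole leftmost label (RFC 6125 6.4.3)."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # "*" must be the entire leftmost label, leave at least two fixed labels,
    # and the wildcard covers exactly one label of the hostname.
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def cert_matches_hostname(cert: dict, hostname: str) -> bool:
    """Return True if `cert` is valid for `hostname`.

    `cert` is a constructed dict: {'subject_cn': str | None,
    'san': [('DNS', name) | ('IP', address), ...]} (assumed shape, not a
    real parser output). If any SAN is present the CN is ignored; an IP
    literal matches only an iPAddress entry; the CN is consulted only
    when the certificate carries no SAN at all."""
    san = cert.get("san") or []
    try:
        ip = ipaddress.ip_address(hostname)
    except ValueError:
        ip = None  # not an IP literal, treat as a DNS name
    if san:
        if ip is not None:
            return any(t == "IP" and ipaddress.ip_address(v) == ip for t, v in san)
        return any(t == "DNS" and _dns_pattern_matches(v, hostname) for t, v in san)
    if ip is not None:
        return False  # CN fallback is for DNS names only
    cn = cert.get("subject_cn")
    return cn is not None and _dns_pattern_matches(cn, hostname)


# Constructed certificate mirroring the report: CN "WrongServer", no SAN.
REPORTED_CERT = {"subject_cn": "WrongServer", "san": []}

if __name__ == "__main__":
    print("WrongServer valid for localhost:", cert_matches_hostname(REPORTED_CERT, "localhost"))
```

A verifier that accepts the reported certificate for `localhost` is the behaviour the report describes as the defect; the function above returns False for it.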


_______________________________________________
Gnutls-devel mailing list
Gnutls-devel@lists.gnutls.org
http://lists.gnupg.org/mailman/listinfo/gnutls-devel