[jira] [Commented] (TS-3608) SSL client code does not validate upstream hostname

ASF subversion and git services (JIRA) Sat, 16 May 2015 07:23:17 -0700

    [ 
https://issues.apache.org/jira/browse/TS-3608?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14546774#comment-14546774
 ]


ASF subversion and git services commented on TS-3608:
-----------------------------------------------------

Commit 1649abc30e932bef203d991bbb693a52ba64c248 in trafficserver's branch 
refs/heads/master from [~ushachar]
[ https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;h=1649abc ]

TS-3608: Add client side hostname validation for SSL connection


> SSL client code does not validate upstream hostname
> ---------------------------------------------------
>
>                 Key: TS-3608
>                 URL: https://issues.apache.org/jira/browse/TS-3608
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: SSL
>            Reporter: Uri Shachar
>
> Our SSL client side certificate validation does not validate that the 
> upstream certificate actually matches the request hostname/IP.
> Openssl added a check for this (X509_check_host) in 1.0.2 -- but that version 
> is still far from becoming mainstream (and the implementation there is 
> somewhat overcomplicated for our needs).
> Fix is to validate (when client side validation is turned on) according to 
> RFC6125



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (TS-3608) SSL client code does not validate upstream hostname

Reply via email to