Dan,
Very good point.
Access by IP address didn't work before -- I just checked w/ Xenial / OpenSSL
1.0.0,
and it fails with certification verification error too.
IIUIC this seems reasonable - as the default certificate is the only thing the
server
could send to the client without SNI (which prohibited for IP addresses) to
hint/tell
the server which hostname it wants the certificate for, and the certificate
owners
would need to keep the default certificate up-to-date with all IP addresses the
server
could possibly serve/respond on (it seems unfeasible).
So we should be good on this particular case!
Thanks for catching this.
--
$ lsb_release -cs
xenial
$ dpkg -l | grep libssl1. | awk '{ print $2 }'
libssl1.0.0:amd64
$ mailutil check {imap.gmail.com:993/imap/ssl}INBOX
{cb-in-f109.1e100.net/imap} username: ^C
$ host imap.gmail.com | grep -m1 address
gmail-imap.l.google.com has address 64.233.186.108
$ mailutil check {64.233.186.108:993/imap/ssl}INBOX
Certificate failure for 64.233.186.108: Server name does not match certificate:
/C=US/ST=California/L=Mountain View/O=Google LLC/CN=imap.gmail.com
Certificate failure for 64.233.186.108: Server name does not match certificate:
/C=US/ST=California/L=Mountain View/O=Google LLC/CN=imap.gmail.com
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1834340
Title:
Regression for GMail after libssl upgrade with TLSv1.3
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/asterisk/+bug/1834340/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
