https://bugzilla.wikimedia.org/show_bug.cgi?id=73199
Bug ID: 73199
Summary: PhpHttpRequest should not check host against CN x509 attribute
Product: MediaWiki
Version: 1.25-git
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: Unprioritized
Component: General/Unknown
Assignee: [email protected]
Reporter: [email protected]
Web browser: ---
Mobile Platform: ---
In the class PhpHttpRequest (file includes/HttpFunctions.php, used when cURL is
not installed), the option 'sslVerifyHost' is translated by checking the 'CN'
x509 attribute against the host, which is now deprecated with x509 certificate
v3 with subjectAltName, and this avoids the operation although it was correct.

In particular, this can be observed with `$wgInstantCommons = true` on an HTTPS
wiki without php-curl installed, because the commons.wikimedia.org certificate
has a CN attribute *.wikipedia.org and commons.wikimedia.org is only in the
subjectAltName attribute.
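
The mismatch described in the report, as an added example that is not MediaWiki's code: it compares a CN-only host check with one that reads subjectAltName, run on a constructed array in the shape returned by openssl_x509_parse(). The function names are hypothetical, and the SAN list is a constructed sample built from the two names given in the report.

```php
<?php
// Match one certificate name against a host. "*" may only stand for the
// whole left-most label, so "*.wikipedia.org" does not cover "wikipedia.org".
function nameMatches(string $pattern, string $host): bool {
    $pattern = strtolower(rtrim($pattern, '.'));
    $host = strtolower(rtrim($host, '.'));
    if (strncmp($pattern, '*.', 2) !== 0) {
        return $pattern === $host;
    }
    $dot = strpos($host, '.');
    return $dot !== false && $dot > 0 && substr($host, $dot) === substr($pattern, 1);
}

// CN-only check, the behaviour the report describes (assumes a single CN).
function cnOnlyCheck(array $cert, string $host): bool {
    $cn = $cert['subject']['CN'] ?? null;
    return is_string($cn) && nameMatches($cn, $host);
}

// SAN-aware check: if the certificate carries DNS subjectAltName entries,
// only those are used; the CN is a fallback for certificates without any.
function sanAwareCheck(array $cert, string $host): bool {
    $dnsNames = [];
    $san = $cert['extensions']['subjectAltName'] ?? '';
    foreach (explode(',', $san) as $entry) {
        $entry = trim($entry);
        if (stripos($entry, 'DNS:') === 0) {
            $dnsNames[] = substr($entry, 4);
        }
    }
    if ($dnsNames === []) {
        return cnOnlyCheck($cert, $host);
    }
    foreach ($dnsNames as $name) {
        if (nameMatches($name, $host)) {
            return true;
        }
    }
    return false;
}

// Constructed sample in the array shape of openssl_x509_parse(), modelled
// on the names in the report (not a dump of the real certificate).
$cert = [
    'subject' => ['CN' => '*.wikipedia.org'],
    'extensions' => ['subjectAltName' => 'DNS:*.wikipedia.org, DNS:commons.wikimedia.org'],
];
var_dump(cnOnlyCheck($cert, 'commons.wikimedia.org'));
var_dump(sanAwareCheck($cert, 'commons.wikimedia.org'));
```

On PHP 5.6 and later, the stream SSL context options `verify_peer_name` and `peer_name` perform this check, including subjectAltName, and replace the deprecated `CN_match` option.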