Rietveld Code Review Tool

Issue 1505: Fix two minor errors in hostname validation. (Closed)

Created: 5 months, 3 weeks ago by derf
Modified: 1 month ago
Reviewers: mark4o, tdaede
Visibility: Public.

Description

RFC 6125 says that if the host is an IP address, a subjectAltName of
 type iPAddress must (no 2119 caps) be present and must be used.
We would still fall back to checking the Common Name if no
 subjectAltName was present.

https://marc.info/?l=openssl-dev&m=139617145216047&w=2 interprets
 RFC 6125 to say that if the host is a DNS name, but the certificate
 only contains a subjectAltName of type iPAddress, then we should
 still fall back to checking the Common Name.
We would only check the Common Name if there was no subjectAltName
 of any type.

Restructure the hostname validation to IP addresses up-front and
 fall back to checking the Common Name in the proper cases.
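
The fallback rules described above, written as an added example over a constructed certificate model. This is not the patch to src/http.c; the types `struct san` and `struct cert` and the function `host_matches_cert` are hypothetical, and wildcard matching is left out.

```c
/* Added example: constructed certificate model, not the code in src/http.c. */
#include <stddef.h>
#include <string.h>
#include <strings.h>
#include <arpa/inet.h>

enum san_type { SAN_DNS, SAN_IP };
/* Hypothetical model: real iPAddress entries hold raw octets, not text. */
struct san { enum san_type type; const char *value; };
struct cert { const struct san *sans; size_t nsans; const char *cn; };

/* Parse an IPv4/IPv6 literal; returns 4, 16, or 0 if s is not an address. */
static size_t parse_ip(const char *s, unsigned char out[16]) {
  if (inet_pton(AF_INET, s, out) == 1) return 4;
  if (inet_pton(AF_INET6, s, out) == 1) return 16;
  return 0;
}

/* Returns 1 if the certificate is acceptable for host, 0 otherwise.
   Names are compared exactly (case-insensitive); wildcards are left out. */
int host_matches_cert(const char *host, const struct cert *c) {
  unsigned char hip[16], sip[16];
  size_t hlen = parse_ip(host, hip);
  int saw_dns = 0;
  size_t i;
  for (i = 0; i < c->nsans; i++) {
    const struct san *s = &c->sans[i];
    if (hlen > 0) {
      /* IP host: only an iPAddress entry can match, compared as octets. */
      if (s->type == SAN_IP && parse_ip(s->value, sip) == hlen
          && memcmp(hip, sip, hlen) == 0) return 1;
    } else if (s->type == SAN_DNS) {
      saw_dns = 1;
      if (strcasecmp(host, s->value) == 0) return 1;
    }
  }
  if (hlen > 0) return 0; /* IP host: never fall back to the Common Name. */
  /* DNS host: fall back when no dNSName entry exists, even if iPAddress
     entries do. */
  return !saw_dns && c->cn != NULL && strcasecmp(host, c->cn) == 0;
}

int main(void) {
  /* Constructed sample: certificate with only an iPAddress entry and a CN. */
  static const struct san sans[] = { { SAN_IP, "192.0.2.10" } };
  struct cert c = { sans, 1, "media.example.test" };
  /* DNS host falls back to the CN; the IP entry matches the IP host. */
  return !(host_matches_cert("media.example.test", &c)
           && host_matches_cert("192.0.2.10", &c));
}
```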

Patch Set 1 #

Patch Set 2 : Fix two minor errors in hostname validation. #

M src/http.c: 1 chunk, +145 lines, -131 lines, 0 comments

Messages

Total messages: 4
#1 derf, 5 months, 3 weeks ago
#2 derf, 4 months, 2 weeks ago
#3 tdaede, 1 month ago: r+
#4 derf, 1 month ago
