Details
-
Type:
Bug
-
Status: Closed (View Workflow)
-
Priority:
Critical
-
Resolution: Fixed
-
Affects Version/s: 10.3
-
Component/s: SSL
-
Labels:
Description
(Currently) LibreSSL doesn't calculate the string length of the hostname
that's passed to X509_check_host automatically in case namelen/chklen is 0.
This causes server certificate validation to fail when building MariaDB with
LibreSSL.
The proposed fix makes MariaDB determine the string length passed to
X509_check_host. As there are no ill side-effects (OpenSSL's X509_check_host
also simply calls strlen if namelen == 0, see also X509_check_host(3)), this
wasn't wrapped in any #ifdef like constructs.
Please see here for a proposed patch to modify LibreSSL's behavior:
libressl-portable/openbsd#87