[MDEV-9212] ssl-validate-cert incorrect hostname check - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 5.5(EOL), 10.0(EOL), 10.1(EOL)
Fix Version/s: 5.5.47, 10.0.23, 10.1.10
Component/s: SSL
Labels:
- upstream

Description

ssl_verify_server_cert() function parses the output of X509_NAME_oneline() to get the value of the /CN=... field. But if this string — "/CN=" — is present as a part of the value of some other field that might cause the output to be parsed incorrectly. See https://wiki.openssl.org/index.php/Hostname_validation for examples of correct hostname validation.

Attachments

Issue Links

links to

CVE-2016-2047

Activity

People

Assignee:: Sergei Golubchik

Reporter:: Sergei Golubchik

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2015-11-30 19:20

Updated:: 2016-01-23 13:43

Resolved:: 2015-12-08 12:04

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

1.5h

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.