[MDEV-9212] ssl-validate-cert incorrect hostname check Created: 2015-11-30 Updated: 2016-01-23 Resolved: 2015-12-08
| Status: | Closed |
| Project: | MariaDB Server |
| Component/s: | SSL |
| Affects Version/s: | 5.5, 10.0, 10.1 |
| Fix Version/s: | 5.5.47, 10.0.23, 10.1.10 |
| Type: | Bug | Priority: | Critical |
| Reporter: | Sergei Golubchik | Assignee: | Sergei Golubchik |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | upstream |
| Description |
The ssl_verify_server_cert() function parses the output of X509_NAME_oneline() to get the value of the /CN=... field. But if this string — "/CN=" — is present as part of the value of some other field, that might cause the output to be parsed incorrectly. See https://wiki.openssl.org/index.php/Hostname_validation for examples of correct hostname validation.
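The ambiguity described above, as an added example that is not MariaDB's code: a substring search over the flattened subject compared with a lookup over the individual name entries. To run stand-alone it models the subject as a constructed array of entries instead of calling OpenSSL, where the per-entry lookup corresponds to X509_NAME_get_index_by_NID() and X509_NAME_get_entry(); the struct, function names and sample values are all assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of a certificate subject: ordered (field, value) entries. */
struct name_entry { const char *field; const char *value; };
/* Flatten the entries into one line: "/FIELD=value/FIELD=value". */
static void flatten(const struct name_entry *e, size_t n, char *out, size_t cap) {
    size_t used = 0;
    out[0] = '\0';
    for (size_t i = 0; i < n && used < cap; i++) {
        int w = snprintf(out + used, cap - used, "/%s=%s", e[i].field, e[i].value);
        if (w > 0) used += (size_t)w;
    }
}

/* Flawed: take the first "/CN=" found in the flattened text, up to the next '/'. */
static void cn_from_text(const char *line, char *out, size_t cap) {
    out[0] = '\0';
    const char *p = strstr(line, "/CN=");
    if (!p) return;
    p += 4;
    size_t len = strcspn(p, "/");
    if (len >= cap) len = cap - 1;
    memcpy(out, p, len);
    out[len] = '\0';
}

/* Structured: the value of the first entry whose field is exactly "CN". */
static const char *cn_from_entries(const struct name_entry *e, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(e[i].field, "CN") == 0) return e[i].value;
    return NULL;
}

/* Returns 1 when both methods yield the same CN, 0 when the text parse was misled. */
int methods_agree(const struct name_entry *e, size_t n) {
    char line[256], guess[128];
    flatten(e, n, line, sizeof line);
    cn_from_text(line, guess, sizeof guess);
    const char *cn = cn_from_entries(e, n);
    return cn != NULL && strcmp(guess, cn) == 0;
}
/* Constructed samples: the second carries "/CN=" inside the O field's value. */
const struct name_entry plain[] = { {"C", "US"}, {"O", "Example Org"}, {"CN", "db.example.com"} };
const struct name_entry tricky[] = { {"C", "US"}, {"O", "Example Org/CN=other.example.net"}, {"CN", "db.example.com"} };
int main(void) {
    printf("plain agrees: %d, tricky agrees: %d\n", methods_agree(plain, 3), methods_agree(tricky, 3));
    return 0;
}
```

A disagreement between the two methods on a real subject is a useful regression check for any code that still inspects the flattened string.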