
#1220 Hostname validation fails for certs with empty Subject

closed-fixed
SSL/TLS (37)
5
2013-06-21
2013-05-02
No

Curl incorrectly fails hostname validation for certs with an empty Subject but a matching, critical Subject Alternative Name. Such certificates are valid per RFC 2459 4.1.2.6.

The attached Perl test case demonstrates the problem.

curl 7.30.0 (i686-pc-linux-gnu) libcurl/7.30.0 OpenSSL/1.0.1d zlib/1.2.5 c-ares/1.9.1
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP

1 Attachments
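As an added illustration (not part of the report, and not curl's code or the attached patch), the following C sketch shows a hostname check that accepts a certificate with an empty Subject when a dNSName Subject Alternative Name matches, following the RFC 2818 rule that dNSName entries, when present, are the identity to check. The `cert_names` struct, the function names and the `example.test` sample certificates are assumptions constructed for this example; a real client reads these fields from the parsed X.509 certificate.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Simplified, constructed view of the certificate fields a hostname check
   uses; a real client extracts these from the parsed X.509 structure. */
struct cert_names {
  const char *subject_cn;  /* NULL when the Subject is empty */
  const char *san_dns[4];  /* dNSName SAN entries, NULL-terminated */
};

/* ASCII case-insensitive string equality */
static int ieq(const char *a, const char *b)
{
  for(; *a && *b; a++, b++)
    if(tolower((unsigned char)*a) != tolower((unsigned char)*b))
      return 0;
  return *a == *b;
}

/* Exact match, or "*." pattern covering exactly one leftmost label */
static int name_matches(const char *pattern, const char *host)
{
  if(strncmp(pattern, "*.", 2) == 0) {
    const char *dot = strchr(host, '.');
    return dot && dot != host && ieq(pattern + 1, dot);
  }
  return ieq(pattern, host);
}

/* Returns 1 if the certificate identifies host, 0 otherwise */
int verify_host(const struct cert_names *c, const char *host)
{
  size_t i;
  if(c->san_dns[0]) {
    /* dNSName SANs decide the result; the Subject, empty or not, is ignored */
    for(i = 0; i < 4 && c->san_dns[i]; i++)
      if(name_matches(c->san_dns[i], host))
        return 1;
    return 0;
  }
  /* No dNSName SAN: fall back to the CN, which an empty Subject lacks */
  return c->subject_cn && name_matches(c->subject_cn, host);
}

/* Constructed sample certificates */
const struct cert_names EMPTY_SUBJECT = { NULL, { "www.example.test", "*.api.example.test", NULL } };
const struct cert_names CN_ONLY = { "legacy.example.test", { NULL } };
const struct cert_names NO_NAMES = { NULL, { NULL } };

int main(void) { return verify_host(&EMPTY_SUBJECT, "www.example.test") ? 0 : 1; }
```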

Discussion

  • John Gardiner Myers

    Proposed fix attached.

     
  • Daniel Stenberg

    Daniel Stenberg - 2013-05-07
    • labels: --> SSL/TLS
    • status: open --> closed-fixed
    • assigned_to: Daniel Stenberg
     
  • Daniel Stenberg

    Daniel Stenberg - 2013-05-07

    Thanks for the report, a slightly edited version of your patch was just pushed as commit bdb396ef2af