cURL / Mailing Lists / curl-users / Single Mail

curl-users

[ curl-Bugs-634700 ] certificate checking is broken

From: <noreply_at_sourceforge.net>
Date: Wed, 06 Nov 2002 14:47:25 -0800

Bugs item #634700, was opened at 2002-11-06 23:47
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=634700&group_id=976

Category: https
Group: bad behaviour
Status: Open
Resolution: None
Priority: 5
Submitted By: Philippe Raoult (phir)
Assigned to: Daniel Stenberg (bagder)
Summary: certificate checking is broken

Initial Comment:
i've already made a patch for ssluse.c (attached).
the certificate name is checked with strequal against
the hostname we're trying to connect to and this fails
quite often. Certificates are often issued for whole
domains
or with wildcards.
curl -v https://www.sourceforge.net/ and
curl -v https://sourceforge.net/ is the easiest way to
make this
one show up. The enclosed patch fixes the issue by
checking first
with strstr then with peer_CN + 1 when the first
caracter is a "*"
(wildcard name).

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=634700&group_id=976

-------------------------------------------------------
This sf.net email is sponsored by: See the NEW Palm
Tungsten T handheld. Power & Color in a compact size!
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en
Received on 2002-11-06