Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
A CN-only certificate verification regression
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Tue, 8 Mar 2022 14:14:46 +0100 (CET)
Hello team,
Issue #8559 was submitted, identifying a flaw in the OpenSSL backend when
curl's verified the CN field of a certificate. It returns error ("out of
memory") for all such certficates. The fix is straight-forward and should land
shortly [#8560].
I'm just telling you this to keep the wider user base informed. I don't
consider this problem serious enough for a patch release. Public CAs don't
allow certificates with CN-only (thus avoding this bug), and according to
stats (linked to in the issue), only 1.57% of private CAs use this feature.
Of course, if you think otherwise I'm sure you'll let me know.
#8559 = https://github.com/curl/curl/issues/8559
#8560 = https://github.com/curl/curl/pull/8560
Date: Tue, 8 Mar 2022 14:14:46 +0100 (CET)
Hello team,
Issue #8559 was submitted, identifying a flaw in the OpenSSL backend when
curl's verified the CN field of a certificate. It returns error ("out of
memory") for all such certficates. The fix is straight-forward and should land
shortly [#8560].
I'm just telling you this to keep the wider user base informed. I don't
consider this problem serious enough for a patch release. Public CAs don't
allow certificates with CN-only (thus avoding this bug), and according to
stats (linked to in the issue), only 1.57% of private CAs use this feature.
Of course, if you think otherwise I'm sure you'll let me know.
#8559 = https://github.com/curl/curl/issues/8559
#8560 = https://github.com/curl/curl/pull/8560
-- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new features | https://curl.se/support.html -- Unsubscribe: https://lists.haxx.se/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.htmlReceived on 2022-03-08