[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[sr #107619] Check hostname of certificate failed with two subdomains in
From: |
Sebastien Helleu |
Subject: |
[sr #107619] Check hostname of certificate failed with two subdomains in hostname |
Date: |
Tue, 08 Mar 2011 12:23:24 +0000 |
User-agent: |
Mozilla/5.0 (Windows NT 5.1; rv:2.0b12) Gecko/20100101 Firefox/4.0b12 |
URL:
<http://savannah.gnu.org/support/?107619>
Summary: Check hostname of certificate failed with two
subdomains in hostname
Project: GnuTLS
Submitted by: flashcode
Submitted on: Tue 08 Mar 2011 01:23:23 PM CET
Category: None
Priority: 5 - Normal
Severity: 3 - Normal
Status: None
Privacy: Public
Assigned to: None
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Operating System: GNU/Linux
_______________________________________________________
Details:
Hi,
I'm WeeChat developer, an irc client, which uses gnutls to connect to irc
servers.
When I connect to freenode using SSL, I receive this certificate:
subject `OU=Domain Control Validated,OU=Gandi Standard Wildcard
SSL,CN=*.freenode.net', issuer `C=FR,O=GANDI SAS,CN=Gandi Standard SSL CA',
RSA key ...
I call function "gnutls_x509_crt_check_hostname (cert, hostname)" to check
hostname with certificate.
If I connect to chat.freenode.net, the hostname check is ok (*.freenode.net
matches chat.freenode.net).
But if I connect to ipv6.chat.freenode.net, the hostname check failed because
*.freenode.net does NOT match ipv6.chat.freenode.net (according to RFC2818 you
are using in your function).
My question are:
* is it a problem in freenode certificate?
* is it ok to use rfc2818 in gnutls to check certificate hostname? shouldn't
*.freenode.net match ipv6.chat.freenode.net ?
Last info, I'm using gnutls 2.10.5 (under debian sid).
Thank you for your help.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/support/?107619>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
- [sr #107619] Check hostname of certificate failed with two subdomains in hostname,
Sebastien Helleu <=