You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2009/04/19 14:00:35 UTC
DO NOT REPLY [Bug 47051] New: "Subject Alternative Name" not used
while checking certificate
https://issues.apache.org/bugzilla/show_bug.cgi?id=47051
Summary: "Subject Alternative Name" not used while checking
certificate
Product: Apache httpd-2
Version: 2.2.11
Platform: All
OS/Version: All
Status: NEW
Keywords: PatchAvailable
Severity: trivial
Priority: P2
Component: mod_ssl
AssignedTo: bugs@httpd.apache.org
ReportedBy: mastamind@users.sourceforge.net
Created an attachment (id=23511)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=23511)
a patch to mod_ssl search for the server's hostname in the Subject Alternative
Name extension of a x509v3 certificate.
mod_ssl checks the common name part of the server certificate's subject field
if it matches the server hostname. Some x509v3 certificates provide an
extension that may specify additional server names. Those names can be searched
addionally.
(I hope the patch meets apache's coding and quality guidelines.)
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 47051] "Subject Alternative Name" not used while
checking certificate
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=47051
Andreas Kuckartz <A....@ping.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |A.Kuckartz@ping.de
Severity|trivial |major
--- Comment #1 from Andreas Kuckartz <A....@ping.de> 2010-11-14 12:57:59 EST ---
Is this issue from April 2009 really still not resolved ?
Firesheep will be happy ...
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 47051] "Subject Alternative Name" not used while
checking certificate
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=47051
--- Comment #3 from Andreas Kuckartz <A....@ping.de> 2010-11-15 01:18:29 EST ---
(In reply to comment #2)
> Does this patch do anything other than suppress a misleading startup warning?
I am only a user trying to find out what to do to use https for several domains
with a single IP-address. And then I found this issue.
If this issue is only about a misleading warning then the summary of the issue
should be changed (because it is misleading).
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 47051] "Subject Alternative Name" not used while
checking certificate
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=47051
--- Comment #2 from Eric Covener <co...@gmail.com> 2010-11-14 13:13:47 EST ---
(In reply to comment #1)
> Is this issue from April 2009 really still not resolved ?
>
> Firesheep will be happy ...
Does this patch do anything other than suppress a misleading startup warning?
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 47051] "Subject Alternative Name" not used while
checking certificate
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=47051
--- Comment #4 from Björn <ma...@users.sourceforge.net> 2010-11-16 09:12:04 EST ---
Hi!
This patch only prevents apache from printing an error message if the server
name was found in one of the certificate's Subject Alternative Names.
This is NOT to a security issue at all.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 47051] "Subject Alternative Name" not used while
checking certificate
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=47051
Kaspar Brand <as...@velox.ch> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords|PatchAvailable |FixedInTrunk
Status|NEW |RESOLVED
Version|2.2.11 |2.2-HEAD
Resolution| |DUPLICATE
Severity|major |enhancement
--- Comment #5 from Kaspar Brand <as...@velox.ch> 2011-09-28 06:57:20 UTC ---
Fixed for trunk with r1176752.
*** This bug has been marked as a duplicate of bug 32652 ***
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org