You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Uri Shachar (JIRA)" <ji...@apache.org> on 2015/05/16 16:24:59 UTC
[jira] [Resolved] (TS-3608) SSL client code does not validate
upstream hostname
[ https://issues.apache.org/jira/browse/TS-3608?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Uri Shachar resolved TS-3608.
-----------------------------
Resolution: Fixed
Fix Version/s: 6.0.0
Assignee: Uri Shachar
> SSL client code does not validate upstream hostname
> ---------------------------------------------------
>
> Key: TS-3608
> URL: https://issues.apache.org/jira/browse/TS-3608
> Project: Traffic Server
> Issue Type: Bug
> Components: SSL
> Reporter: Uri Shachar
> Assignee: Uri Shachar
> Fix For: 6.0.0
>
>
> Our SSL client side certificate validation does not validate that the upstream certificate actually matches the request hostname/IP.
> Openssl added a check for this (X509_check_host) in 1.0.2 -- but that version is still far from becoming mainstream (and the implementation there is somewhat overcomplicated for our needs).
> Fix is to validate (when client side validation is turned on) according to RFC6125
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)