author elly <elly@leptoquark.net> 2013-02-27 10:50:25 -0500
committer elly <elly@leptoquark.net> 2013-02-27 11:59:32 -0500
commit ceb1fe26c3136fc206101b757bdae298e729acf9 (patch)
tree 4f60ea475bce4c4546fe9a24b4a7fddb263a2239 /CHANGELOG
parent ed9d643ea475d65bec106461339d8daa42ac6574 (diff)
download tlsdate-ceb1fe26c3136fc206101b757bdae298e729acf9.tar.gz
tlsdate-helper: fix SAN checking
Right now, SAN checking checks against the host we're opening a socket to instead of the host we're actually trying to talk to, which is fine... as long as we don't have a proxy. Note that this problem only manifests for hosts whose CN is not equal to their hostname (so the default host of www.ptb.de is fine).

To observe the problem:

    $ ssh -D 127.0.0.1:30000 somehost
    $ tlsdate -H clients3.google.com -x socks5://127.0.0.1:30000
    hostname verification failed for host 127.0.0.1!
    child process failed in SSL handshake

With this fix, you instead see no output.

Signed-off-by: Elly Fong-Jones <ellyjones@chromium.org>
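The mismatch the commit message describes, as an added example (not tlsdate's code): SAN matching run once against the socket peer and once against the intended host. The SAN list, `struct conn` and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Match one SAN dNSName against a host name: case-insensitive, with a
 * single leftmost "*." wildcard that covers exactly one label. */
static int san_matches(const char *san, const char *host)
{
    if (strncmp(san, "*.", 2) == 0) {
        const char *dot = strchr(host, '.');
        /* need a non-empty first label and an exact match on the rest */
        return dot != NULL && dot != host && strcasecmp(san + 1, dot) == 0;
    }
    return strcasecmp(san, host) == 0;
}

/* Return 1 if any SAN entry covers `host`, else 0. */
static int verify_san(const char *const *sans, size_t n, const char *host)
{
    for (size_t i = 0; i < n; i++)
        if (san_matches(sans[i], host))
            return 1;
    return 0;
}

/* Constructed SAN list for illustration, not read from a real certificate. */
static const char *const SAMPLE_SANS[] = { "*.google.com", "google.com" };
#define N_SANS (sizeof SAMPLE_SANS / sizeof SAMPLE_SANS[0])

/* With a proxy, the socket peer and the TLS target are different names. */
struct conn {
    const char *connect_host; /* where the TCP socket goes (the proxy) */
    const char *target_host;  /* the host named with -H */
};

/* Behaviour the commit message describes as the bug. */
static int check_against_socket_peer(const struct conn *c)
{ return verify_san(SAMPLE_SANS, N_SANS, c->connect_host); }

/* Behaviour the commit message describes as the fix. */
static int check_against_target(const struct conn *c)
{ return verify_san(SAMPLE_SANS, N_SANS, c->target_host); }

int main(void)
{
    struct conn c = { "127.0.0.1", "clients3.google.com" };
    printf("socket peer: %d, target: %d\n",
           check_against_socket_peer(&c), check_against_target(&c));
    return 0;
}
```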
Diffstat (limited to 'CHANGELOG')
-rw-r--r-- CHANGELOG 1
1 files changed, 1 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 267f79b..79b1f12 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,6 @@
0.0.7 TBD
Add -x option to tlsdated to override source proxies.
+ Correctly check SANs against target host when using proxies.
0.0.6 Mon 18 Feb, 2013
Ensure that tlsdate compiles with g++ by explicit casting rather than
implicit casting by whatever compiler is compiling tlsdate.
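Review bot: the added 0.0.7 entry, "Correctly check SANs against target host when using proxies.", does not say which program changed, while the entry above it names tlsdated. The commit subject places the fix in tlsdate-helper, so consider naming it in the entry, for example "tlsdate-helper: correctly check SANs against the target host when using proxies", so that changelog readers can tell which binary was affected.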