ssl-validate-cert incorrect hostname check

Description

ssl_verify_server_cert() function parses the output of X509_NAME_oneline() to get the value of the /CN=... field. But if this string — "/CN=" — is present as a part of the value of some other field that might cause the output to be parsed incorrectly. See https://wiki.openssl.org/index.php/Hostname_validation for examples of correct hostname validation.

Environment

None

Status

Assignee

Sergei Golubchik

Reporter

Sergei Golubchik

Labels

External issue ID

None

External issue ID

None

Components

Fix versions

Affects versions

Priority

Critical
Configure