ssl-validate-cert incorrect hostname check

Description

The ssl_verify_server_cert() function parses the output of X509_NAME_oneline() to get the value of the /CN=... field. But if this string — "/CN=" — is present as part of the value of some other field, that might cause the output to be parsed incorrectly. See https://wiki.openssl.org/index.php/Hostname_validation for examples of correct hostname validation.

Environment

None

Status

Assignee

Sergei Golubchik

Reporter

Sergei Golubchik

Labels

Components

Fix versions

Affects versions

5.5
10.0
10.1

Priority

Critical
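The parsing problem from the description, as an added example that is not MariaDB's code: a first-match search for "/CN=" in a flattened subject string is compared with a lookup over the structured entries. `struct rdn`, `SUBJECT` and the function names are hypothetical stand-ins, and the flattening assumes values are copied unescaped; with real OpenSSL the structured side would be `X509_NAME_get_index_by_NID()` or `X509_check_host()`.

```c
#include <stdio.h>
#include <string.h>
/* Simplified stand-in for a parsed X.509 subject: ordered (type, value) pairs. */
struct rdn { const char *type; const char *value; };
/* Constructed subject: the organization value itself contains "/CN=". */
static const struct rdn SUBJECT[] = {
    { "O",  "Example /CN=db.internal.example" },
    { "CN", "other.example.net" },
};
#define SUBJECT_LEN (sizeof SUBJECT / sizeof SUBJECT[0])

/* Flattens the entries as "/type=value/type=value", values unescaped (assumption). */
static void render_oneline(const struct rdn *name, size_t n, char *buf, size_t len)
{
    size_t used = 0;
    buf[0] = '\0';
    for (size_t i = 0; i < n && used < len; i++) {
        int w = snprintf(buf + used, len - used, "/%s=%s", name[i].type, name[i].value);
        if (w < 0) break;
        used += (size_t)w;
    }
}

/* Flawed check: takes the first "/CN=" in the flattened text up to the next '/'. */
static int flawed_host_ok(const struct rdn *name, size_t n, const char *host)
{
    char buf[256];
    render_oneline(name, n, buf, sizeof buf);
    const char *p = strstr(buf, "/CN=");
    if (!p) return 0;
    size_t cn_len = strcspn(p + 4, "/");
    return strlen(host) == cn_len && strncmp(p + 4, host, cn_len) == 0;
}

/* Structured check: compares only the value of an entry whose type is CN. */
static int structured_host_ok(const struct rdn *name, size_t n, const char *host)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(name[i].type, "CN") == 0)
            return strcmp(name[i].value, host) == 0;
    return 0;
}

int main(void)
{
    printf("flawed=%d ", flawed_host_ok(SUBJECT, SUBJECT_LEN, "db.internal.example"));
    printf("structured=%d\n", structured_host_ok(SUBJECT, SUBJECT_LEN, "db.internal.example"));
    return 0;
}
```

The exact string comparison is a simplification: real hostname validation is case-insensitive and also covers subjectAltName entries and wildcards, as the linked OpenSSL wiki page describes.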