[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[Lynx-dev] bug in SSL certificate validation (fwd)

---------- Forwarded message ----------
Date: Fri, 6 Aug 2021 13:14:32
From: Thorsten Glaser <tg@mirbsd.de>
To: lynx-dev@nongnu.org
Subject: [Lynx-dev] bug in SSL certificate validation


this affects both OpenSSL and Debian?s nonGNUtls builds:

lynx https://user:pass@host/

? will lead to?

SSL error:host(user:pass@host)!=cert(CN<mainhost>:SAN<DNS=host>:SAN<DNS=otherhost>

? for OpenSSL lynx and?

SSL error:host(user:pass@host)!=cert(CN<mainhost>)-Continue? (n)

? for nonGNUtls lynx.

Obviously, user:pass@ need to be stripped before comparing. The
nonGNUtls version could also be changed to display the subjectAltName''s
the certificate has like the OpenSSL one does (after my patch from ages
ago; no, I?m not going to code for nonGNUtls).

Gestern Nacht ist mein IRC-Netzwerk explodiert. Ich hatte nicht damit
gerechnet, darum bin ich blutverschmiert? wer konnte ahnen, da? SIE so
reagier?n? gestern Nacht ist mein IRC-Netzwerk explodiert~~~
	(as of 2021-06-15 The MirOS Project temporarily reconvenes on OFTC)

Lynx-dev mailing list

Reply to: