[Lynx-dev] bug in SSL certificate validation (fwd)

To: debian-accessibility@lists.debian.org
Subject: [Lynx-dev] bug in SSL certificate validation (fwd)
From: Jude DaShiell <jdashiel@panix.com>
Date: Fri, 6 Aug 2021 13:45:07 -0400
Message-id: <[🔎] alpine.NEB.2.23.451.2108061344510.17284@panix1.panix.com>


---------- Forwarded message ----------
Date: Fri, 6 Aug 2021 13:14:32
From: Thorsten Glaser <tg@mirbsd.de>
To: lynx-dev@nongnu.org
Subject: [Lynx-dev] bug in SSL certificate validation

Hi,

this affects both OpenSSL and Debian?s nonGNUtls builds:

lynx https://user:pass@host/

? will lead to?

SSL error:host(user:pass@host)!=cert(CN<mainhost>:SAN<DNS=host>:SAN<DNS=otherhost>

? for OpenSSL lynx and?

SSL error:host(user:pass@host)!=cert(CN<mainhost>)-Continue? (n)

? for nonGNUtls lynx.

Obviously, user:pass@ need to be stripped before comparing. The
nonGNUtls version could also be changed to display the subjectAltName''s
the certificate has like the OpenSSL one does (after my patch from ages
ago; no, I?m not going to code for nonGNUtls).

bye,
//mirabilos
-- 
Gestern Nacht ist mein IRC-Netzwerk explodiert. Ich hatte nicht damit
gerechnet, darum bin ich blutverschmiert? wer konnte ahnen, da? SIE so
reagier?n? gestern Nacht ist mein IRC-Netzwerk explodiert~~~
	(as of 2021-06-15 The MirOS Project temporarily reconvenes on OFTC)

_______________________________________________
Lynx-dev mailing list
Lynx-dev@nongnu.org
https://lists.nongnu.org/mailman/listinfo/lynx-dev

Reply to:

Prev by Date: Re: Latest Debian Stable 32 bit with non free firmware
Next by Date: Re: Latest Debian Stable 32 bit with non free firmware
Previous by thread: Re: Latest Debian Stable 32 bit with non free firmware
Next by thread: Bad News Upgrade to Bullseye Gone Bad
Index(es):
- Date
- Thread