Thread: SSL (patch 4)

SSL (patch 4)

From: Bear Giles
This patch adds a check that the server certificate common name
resolves to the other side of the socket.

It also seems to have bits that were supposed to be in the
previous patch.  Probably operator error - a combined patch
will be posted in a few minutes.

Bear

Attachment

Re: SSL (patch 4)

From: Peter Eisentraut
Bear Giles writes:

> This patch adds a check that the server certificate common name
> resolves to the other side of the socket.

gethostbyname2() is a GNU thing.  AF_INET6 code needs to be #ifdef'd to
something because not every host handles IPv6.  Avoid using fixed-size
arrays for names if possible.

--
Peter Eisentraut   peter_e@gmx.net


Re: SSL (patch 4)

From: Bear Giles
> gethostbyname2() is a GNU thing.

Curiously this worked when I just tried compiling this on OpenBSD,
but

> AF_INET6 code needs to be #ifdef'd to
> something because not every host handles IPv6.

that particular code didn't work and I was already debating trying
to remove it.  I'll add this to the list...

Bear
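
Added example, not part of the thread or of the patch under discussion: one way to write the "common name resolves to the other side of the socket" check with getaddrinfo() instead of gethostbyname2(), keeping the IPv6 comparison under #ifdef and using no fixed-size name buffers. The helper names cn_resolves_to_peer and same_addr are hypothetical.

```c
#define _POSIX_C_SOURCE 200112L
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>

/* Compare two socket addresses by family and address bytes; the port is ignored. */
static int same_addr(const struct sockaddr *a, const struct sockaddr *b)
{
    if (a->sa_family != b->sa_family)
        return 0;
    if (a->sa_family == AF_INET)
        return memcmp(&((const struct sockaddr_in *) a)->sin_addr,
                      &((const struct sockaddr_in *) b)->sin_addr,
                      sizeof(struct in_addr)) == 0;
#ifdef AF_INET6                 /* compiled only where the host defines IPv6 */
    if (a->sa_family == AF_INET6)
        return memcmp(&((const struct sockaddr_in6 *) a)->sin6_addr,
                      &((const struct sockaddr_in6 *) b)->sin6_addr,
                      sizeof(struct in6_addr)) == 0;
#endif
    return 0;                   /* unknown address family: fail closed */
}

/* Hypothetical helper: returns 1 if any address that the certificate's
 * common name resolves to equals the peer address, otherwise 0. */
int cn_resolves_to_peer(const char *cn, const struct sockaddr *peer)
{
    struct addrinfo hints, *res, *ai;
    int match = 0;

    if (cn == NULL || peer == NULL)
        return 0;
    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;        /* IPv4 and, where available, IPv6 */
    hints.ai_socktype = SOCK_STREAM;
    if (getaddrinfo(cn, NULL, &hints, &res) != 0)
        return 0;                       /* resolution failure: fail closed */
    for (ai = res; ai != NULL && !match; ai = ai->ai_next)
        match = same_addr(ai->ai_addr, peer);
    freeaddrinfo(res);                  /* result list is resolver-allocated */
    return match;
}
```

The peer address would come from getpeername() on the connected socket; the result is only as trustworthy as the resolver's answer.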