Thread: SSL (patch 4)

SSL (patch 4)

From

Bear Giles

Date:

25 May 2002, 02:52:51

This patch adds a check that the server certificate common name
resolves to the other side of the socket.

It also seems to have bits that were supposed to be in the
previous patch.  Probably operator error - a combined patch
will be posted in a few minutes.

Bear

Attachment

patch4

Re: SSL (patch 4)

From

Peter Eisentraut

Date:

27 May 2002, 20:02:59

Bear Giles writes:

> This patch adds a check that the server certificate common name
> resolves to the other side of the socket.

gethostbyname2() is a GNU thing.  AF_INET6 code needs to be #ifdef'd to
something because not every host handles IPv6.  Avoid using fixed-size
arrays for names if possible.

--
Peter Eisentraut   peter_e@gmx.net

Re: SSL (patch 4)

From

Bear Giles

Date:

27 May 2002, 21:53:39

> gethostbyname2() is a GNU thing.

Curiously this worked when I just tried compiling this on OpenBSD,
but

> AF_INET6 code needs to be #ifdef'd to
> something because not every host handles IPv6.

that particular code didn't work and I was already debating trying
to remove it.  I'll add this to the list...

Bear