rsyslog/librelp

in openssl mode, cert name validation does not work properly

rgerhards opened this issue · 2 comments

In theory, this is caught by test ./tls-basic-vg.sh, but unfortunately the error is not detected by the test due to a failure in the test itself. PR #148 fixes that test bug and now experiences the problem. In order to make merging #148 possible, the test still does not fail (keeping existing bad behavior) but emits a warning message.

It looks like the cert common name (CN) is not or not properly evaluated - only dnsname seems to work (judging just from the test).

@alorbach can you pls have a look?

@alorbach Note: work on 1.3.0 is complete, we are just waiting for user confirmation on one bugfix. Please use #148's code as basis for your work and/or investigation. Thx.

I identified the cause and a potential fix together with @alorbach.