[PATCH] openssl 1.0.2 hostname checking code is broken

David Woodhouse dwmw2 at infradead.org
Fri Oct 23 05:04:04 PDT 2015

On Sat, 2015-10-17 at 12:46 -0400, Jon DeVree wrote:
> The new code that lets OpenSSL 1.0.2 do the hostname checking internally
> is slightly off. Attached is the very simple patch for it.

Applied; thanks.

>  I'm assuming the +1 got in there during testing to make sure
> openssl was doing match failures right.

Yeah, I'm fairly sure you're right.

David Woodhouse                            Open Source Technology Centre
David.Woodhouse at intel.com                              Intel Corporation

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5691 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20151023/1736996c/attachment.bin>

More information about the openconnect-devel mailing list