Hi Niels,

On Sat, Feb 25, 2017 at 08:40:00AM +0000, Niels Thykier wrote:
> Ok, please go ahead with the upload.

Done today. Sorry about the delay, I was out of the country.

> The only question I have is about this bit here:
> 
> > +  if (s->hostname && *s->hostname)
> > +    {
> > +      if (!gnutls_x509_crt_check_hostname (cert, s->hostname))
> > +   {
> > +     debugout (s,
> > +               "The certificate's owner does not match hostname '%s'\n",
> > +               s->hostname);
> > +     return GNUTLS_E_CERTIFICATE_ERROR;
> > +   }
> > +    }
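
Review bot: the outer guard `if (s->hostname && *s->hostname)` makes the name check silently optional. When s->hostname is NULL or an empty string, control falls through this block with no call to gnutls_x509_crt_check_hostname and no debug output, so nothing in the log shows that the certificate's owner was never compared against a hostname. Consider adding an else branch that calls debugout to record that the hostname check was skipped, and a short comment above the guard stating under which conditions s->hostname is unset, so the skip is deliberate and visible rather than implicit.
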
> 
> When is "s->hostname" blank / NULL?

s->hostname may be set on the command line to override the autodetected
hostname. If that's the case, this is only a sanity check to ensure that
the client certificate matches the client's hostname as specified. The
server has other checks for ensuring these names are valid.

It should not have any security impact on the client.

-- 
< ron> I mean, the main *practical* problem with C++, is there's like a dozen
       people in the world who think they really understand all of its rules,
       and pretty much all of them are just lying to themselves too.
 -- #debian-devel, OFTC, 2016-02-12
