https://bz.apache.org/bugzilla/show_bug.cgi?id=65143
Bug ID: 65143
Summary: Hostname check on client certificate is not done, at
least client ip should be checked in
SSL_CLIENT_SAN_DNS_n
Product: Apache httpd-2
Version: 2.4-HEAD
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_ssl
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Currently the SSL_CLIENT_VERIFY directive only verifies the the validity of the
certificate and not the hostname as it does in case of server certificate.
But can we introduce that if cert has IP address in SSL_CLIENT_SAN_DNS_n then
the clients IP address is checked in at least SSL_CLIENT_SAN_DNS_n. That way we
know the client is the real client and sort of ip whitelisting is acheived.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
