Patch verification To be sure, I just made a cross-check with the same AqBanking configuration as above and with the patch applied.
To prove the fix is working as intended, I've retried the reproduction given in the initial Debian bug report. The hostname was no longer flagged as issue, so the patch seems to work. ``` $ aqhbci-tool4 getcert --user=1 5:2023/04/18 22-26-58:aqbanking(51692):siotlsext.c: 233: Status for certificate 76:42:76:BF:8E:E5:95:22:ED:A7:85:10:8F:52:96:73" has changed to "The certificate is valid" (00000000->80000000), need to present 4:2023/04/18 22-26-58:gwen(51692):syncio_tls.c: 137: No checkCertFn set, using GWEN_GUI ===== Certificate Received ===== The following certificate has been received: Name : fints1.atruvia.de Organisation : Atruvia AG Department : unknown Country : DE City : Karlsruhe State : Baden-W?rttemberg Valid after : 2023/03/21 08:14:05 Valid until : 2024/03/21 08:09:00 Hash (MD5) : 76:42:76:BF:8E:E5:95:22:ED:A7:85:10:8F:52:96:73 Hash (SHA1) : 8E:C0:B3:C1:F7:B6:0A:9B:8F:86:00:D0:F2:72:E9:F6:72:EE:D7:18 Hash (SHA512): DE:A2:D8:16:29:3B:64:83:34:C4:BD:5C:08:40:DE:45:26:BA:EF:5E:79:E9:21:52:77:DE:3A:A2:F6:B8:98:E4:62:BE:28:31:03:57:D8:67:40:64:35:C7:A1:7C:31:AB:C3:B2:7C:B3:3B:98:31:CE:DE:23:36:50:F9:F2:77:E1 Status : The certificate is valid Do you wish to accept this certificate? (1) Yes (2) No Please enter your choice: ``` To also prove the SSL certificate hostname check is still done correctly, I've temporarily configured in /etc/hosts the hostname of the server to point to the ip address of one of my servers. It got flagged correctly as hostname mismatch: ``` $ aqhbci-tool4 getcert --user=1 4:2023/04/18 22-18-05:gwen(51547):syncio_tls.c: 971: Certificate was not issued for this host Certificate was not issued for this host 5:2023/04/18 22-18-05:aqbanking(51547):siotlsext.c: 233: Status for certificate CA:AB:31:39:32:97:D9:DD:E0:DA:7F:E5:CD:FB:51:D4" has changed to "Certificate owner does not match hostname" (00000000->00000020), need to present 4:2023/04/18 22-18-05:gwen(51547):syncio_tls.c: 137: No checkCertFn set, using GWEN_GUI ===== Certificate Received ===== The following certificate has been received: Name : www.lenk.info Organisation : unknown Department : unknown Country : unknown City : unknown State : unknown Valid after : 2023/03/23 17:03:39 Valid until : 2023/06/21 18:03:38 Hash (MD5) : CA:AB:31:39:32:97:D9:DD:E0:DA:7F:E5:CD:FB:51:D4 Hash (SHA1) : FD:39:60:A0:8F:07:58:76:47:E5:8D:0E:E1:E5:81:66:1B:CB:C6:87 Hash (SHA512): 8B:DE:8E:4F:F7:B4:3F:89:D1:C3:86:8E:AC:9F:52:26:CC:3F:4F:32:22:86:11:1A:EB:8E:13:18:3B:AE:3B:21:A1:6D:E1:42:88:7C:8A:92:EF:BF:2C:54:B2:57:06:93:90:7C:EC:AA:15:C2:57:4F:2D:C2:32:4B:62:A0:EE:59 Status : Certificate owner does not match hostname Do you wish to accept this certificate? (1) Yes (2) No Please enter your choice: 2 ```