[ https://issues.apache.org/jira/browse/THRIFT-3009?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jens Geyer resolved THRIFT-3009.
--------------------------------
       Resolution: Fixed
    Fix Version/s: 0.9.3
         Assignee: Jens Geyer

Committed, thank you!

> TSSLSocket does not use the correct hostname (breaks certificate checks)
> ------------------------------------------------------------------------
>
>                 Key: THRIFT-3009
>                 URL: https://issues.apache.org/jira/browse/THRIFT-3009
>             Project: Thrift
>          Issue Type: Bug
>          Components: Go - Library
>            Reporter: Mathias Gottschlag
>            Assignee: Jens Geyer
>             Fix For: 0.9.3
>
>         Attachments: 0001-THRIFT-3009-Make-TSSLSocket-use-the-original-hostnam.patch
>
>
> TSSLSocket first resolves the specified hostname from NewTSSLSocket, and then
> passes the IP to tls.Dial. This is wrong because tls.Dial performs TLS
> certificate checks and needs the original hostname. The result is that TLS
> support is completely broken as the only way to make a successful connection
> is to disable the hostname check.
> I'd propose (and will upload a patch in a minute) that TSSLSocket gets a
> field hostPort (in addition to addr) which contains the unresolved hostname.
> Open() then uses one of the two fields, depending on which one was specified
> in the constructor.
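
The failure described in the report, reproduced on loopback as an added example (this is not code from the Thrift library or from the attached patch). Assumptions: `origHost` and `dialBoth` are hypothetical names, the certificate is generated in memory, and because the constructed name does not resolve offline the second dial supplies the original hostname through `tls.Config.ServerName` rather than through the address passed to `tls.Dial`.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

const origHost = "thrift.example.test" // constructed; stands for the name given to NewTSSLSocket
// dialBoth serves a cert valid only for origHost, then dials the resolved IP:port twice.
func dialBoth() (ipOnly, withName error) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{origHost},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, IsCA: true, BasicConstraintsValid: true}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		return err, err
	}
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool() // the client trusts only this test certificate
	pool.AddCert(leaf)
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}})
	if err != nil {
		return err, err
	}
	defer ln.Close()
	go func() {
		for c, err := ln.Accept(); err == nil; c, err = ln.Accept() {
			c.(*tls.Conn).Handshake() // server side of the handshake; result unused
			c.Close()
		}
	}()
	try := func(cfg *tls.Config) error {
		c, err := tls.Dial("tcp", ln.Addr().String(), cfg) // address is always the IP
		if err == nil {
			c.Close()
		}
		return err
	}
	// With ServerName unset, tls.Dial checks the certificate against the address host (the IP).
	return try(&tls.Config{RootCAs: pool}), try(&tls.Config{RootCAs: pool, ServerName: origHost})
}

func main() { fmt.Println(dialBoth()) }
```

The first error is the hostname-verification failure for `127.0.0.1`; the second value is `nil`, with certificate checking still enabled.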