[
https://issues.apache.org/jira/browse/THRIFT-3009?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14340945#comment-14340945
]
Hudson commented on THRIFT-3009:
--------------------------------
SUCCESS: Integrated in Thrift #1466 (See
[https://builds.apache.org/job/Thrift/1466/])
THRIFT-3009 TSSLSocket does not use the correct hostname (breaks certificate
checks) (jensg: rev 00a4e3e802ea68fd992e1fa0061fe6f3f39872ee)
* lib/go/thrift/ssl_socket.go
> TSSLSocket does not use the correct hostname (breaks certificate checks)
> ------------------------------------------------------------------------
>
> Key: THRIFT-3009
> URL: https://issues.apache.org/jira/browse/THRIFT-3009
> Project: Thrift
> Issue Type: Bug
> Components: Go - Library
> Reporter: Mathias Gottschlag
> Assignee: Jens Geyer
> Fix For: 0.9.3
>
> Attachments:
> 0001-THRIFT-3009-Make-TSSLSocket-use-the-original-hostnam.patch
>
>
> TSSLSocket first resolves the specified hostname from NewTSSLSocket, and then
> passes the IP to tls.Dial. This is wrong because tls.Dial performs TLS
> certificate checks and needs the original hostname. The result is that TLS
> support is completely broken as the only way to make a successful connection
> is to disable the hostname check.
> I'd propose (and will upload a patch in a minute) that TSSLSocket gets an
> field hostPort (in additon to addr) which contains the unresolved hostname.
> Open() then used one of the two fields, depending on which one was specified
> in the constructor.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
