Aki Sukegawa created THRIFT-3599:
------------------------------------
Summary: Validate client IP address against cert's SubjectAltName
Key: THRIFT-3599
URL: https://issues.apache.org/jira/browse/THRIFT-3599
Project: Thrift
Issue Type: Bug
Components: Python - Library
Reporter: Aki Sukegawa
Assignee: Aki Sukegawa
Priority: Critical

After THRIFT-3505, Python TSSLSocket has client cert support but does not
perform any hostname matching.
That means clients can submit any certificate that is unrelated to them and the
server side only checks if the cert is in their CA.
It is in a sense worse than nothing as it can introduce a false sense of security.
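
An added sketch of the check the summary asks for, not code from the ticket or from Thrift: after the CA check succeeds, compare the connecting peer's address with the `IP Address` entries of the certificate's subjectAltName. The function name `peer_ip_matches_cert` and the sample certificate are assumptions; the dict has the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
import ipaddress

# Constructed sample in the shape of getpeercert() output (not a real certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "client-a"),),),
    "subjectAltName": (
        ("DNS", "client-a.example"),
        ("IP Address", "192.0.2.10"),
        ("IP Address", "2001:DB8:0:0:0:0:0:1"),
    ),
}


def _normalize(addr):
    """Parse an address string and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr.strip().split("%", 1)[0])  # drop zone id
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped if mapped is not None else ip


def peer_ip_matches_cert(cert, peer_addr):
    """Return True only if peer_addr equals an 'IP Address' SAN entry of cert.

    cert is the dict from ssl.SSLSocket.getpeercert(); peer_addr is the host
    part of socket.getpeername(). Fails closed: an empty cert, a cert without
    IP SAN entries, or an unparsable address never matches.
    """
    if not cert:
        return False
    try:
        peer = _normalize(peer_addr)
    except ValueError:
        return False
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "IP Address":
            continue  # DNS and other SAN types say nothing about the peer IP
        try:
            if _normalize(value) == peer:
                return True
        except ValueError:
            continue  # skip malformed entries rather than accept them
    return False


if __name__ == "__main__":
    for addr in ("192.0.2.10", "::ffff:192.0.2.10", "2001:db8::1", "192.0.2.99"):
        print(addr, peer_ip_matches_cert(SAMPLE_CERT, addr))
```

The comparison is done on parsed addresses rather than strings, so a dual-stack listener that reports an IPv4 client as `::ffff:192.0.2.10` still matches the certificate's `192.0.2.10` entry.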