[ https://issues.apache.org/jira/browse/TS-3608?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Carlin updated TS-3608:
-----------------------------
    Labels: yahoo  (was: )

> SSL client code does not validate upstream hostname
> ---------------------------------------------------
>
>                 Key: TS-3608
>                 URL: https://issues.apache.org/jira/browse/TS-3608
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: SSL
>            Reporter: Uri Shachar
>            Assignee: Uri Shachar
>              Labels: yahoo
>             Fix For: 6.0.0
>
>
> Our SSL client side certificate validation does not validate that the
> upstream certificate actually matches the request hostname/IP.
> OpenSSL added a check for this (X509_check_host) in 1.0.2 -- but that version
> is still far from becoming mainstream (and the implementation there is
> somewhat overcomplicated for our needs).
> Fix is to validate (when client side validation is turned on) according to
> RFC6125

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
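
The kind of check the issue asks for, as an added example that is not Traffic Server's code or the eventual patch: a strict RFC 6125-style comparison of one certificate dNSName against the upstream hostname. The function names are hypothetical, the caller is assumed to have already extracted the dNSName bytes and their length from the certificate, and the policy chosen here (wildcard only as the entire left-most label, no bare `*.tld`) is a conservative subset of what RFC 6125 permits.

```c
#include <ctype.h>
#include <string.h>

/* Case-insensitive compare of exactly n bytes (DNS names are ASCII). */
static int ieq(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])) return 0;
    return 1;
}

/* Hypothetical helper: is the reference an IP literal? dNSName matching and
 * wildcards never apply to those; they belong to iPAddress SAN comparison. */
static int looks_like_ip(const char *h)
{
    if (strchr(h, ':')) return 1;
    for (; *h; h++)
        if (!isdigit((unsigned char)*h) && *h != '.') return 0;
    return 1;
}

/* pat/pat_len: one dNSName with the length from the ASN.1 string (never
 * strlen); host: the name the proxy connected to. Returns 1 on match. */
int match_dns_id(const char *pat, size_t pat_len, const char *host)
{
    size_t host_len = strlen(host);
    if (pat_len == 0 || host_len == 0 || looks_like_ip(host)) return 0;
    if (memchr(pat, '\0', pat_len)) return 0;       /* embedded NUL */
    if (host[host_len - 1] == '.') host_len--;      /* absolute form */

    if (pat_len >= 2 && pat[0] == '*' && pat[1] == '.') {
        const char *suffix = pat + 1;               /* ".example.com" */
        size_t suffix_len = pat_len - 1;
        const char *dot = memchr(host, '.', host_len);
        if (memchr(suffix, '*', suffix_len)) return 0;          /* one '*' only */
        if (!memchr(suffix + 1, '.', suffix_len - 1)) return 0; /* reject "*.com" */
        if (!dot || dot == host) return 0;          /* need a first label */
        /* '*' stands for exactly the left-most label of host */
        return (size_t)(host + host_len - dot) == suffix_len &&
               ieq(dot, suffix, suffix_len);
    }
    if (memchr(pat, '*', pat_len)) return 0;        /* '*' anywhere else */
    return pat_len == host_len && ieq(pat, host, host_len);
}
```

A caller would accept the upstream certificate only if chain validation succeeds and at least one dNSName matches; IP references are rejected here because they must be compared against iPAddress entries instead.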