• Timothy B. Terriberry's avatar
    Fix two minor errors in hostname validation. · 0a94cf8f
    Timothy B. Terriberry authored
    RFC 6125 says that if the host is an IP address, a subjectAltName of
     type iPAddress must (no 2119 caps) be present and must be used.
    We would still fall back to checking the Common Name if no
     subjectAltName was present.
    
    https://marc.info/?l=openssl-dev&m=139617145216047&w=2 interprets
     RFC 6125 to say that if the host is a DNS name, but the certificate
     only contains a subjectAltName of type iPAddress, then we should
     still fall back to checking the Common Name.
    We would only check the Common Name if there was no subjectAltName
     of any type.
    
    Restructure the hostname validation to check IP addresses up-front
     and fall back to checking the Common Name in the proper cases.
    0a94cf8f
Name
Last commit
Last update
ci Loading commit data...
doc Loading commit data...
examples Loading commit data...
include Loading commit data...
m4 Loading commit data...
mingw Loading commit data...
src Loading commit data...
unix Loading commit data...
win32 Loading commit data...
.gitattributes Loading commit data...
.gitignore Loading commit data...
.travis.yml Loading commit data...
AUTHORS Loading commit data...
COPYING Loading commit data...
Makefile.am Loading commit data...
README.md Loading commit data...
appveyor.yml Loading commit data...
autogen.sh Loading commit data...
configure.ac Loading commit data...
opusfile-uninstalled.pc.in Loading commit data...
opusfile.pc.in Loading commit data...
opusurl-uninstalled.pc.in Loading commit data...
opusurl.pc.in Loading commit data...
releases.sha2 Loading commit data...
update_version Loading commit data...