[dovecot/core] cea45a: lib-ssl-iostream: Fix missing altName handling in ...
GitHub
noreply at github.com
Wed Apr 25 19:30:17 EEST 2018
Branch: refs/heads/master
Home: https://github.com/dovecot/core
Commit: cea45a45078374c6ea43407908cf77cdb9c1a2ac
https://github.com/dovecot/core/commit/cea45a45078374c6ea43407908cf77cdb9c1a2ac
Author: Aki Tuomi <aki.tuomi at dovecot.fi>
Date: 2018-04-25 (Wed, 25 Apr 2018)
Changed paths:
M src/lib-ssl-iostream/iostream-openssl-common.c
Log Message:
-----------
lib-ssl-iostream: Fix missing altName handling in openssl_cert_match_name
If name is not found in subjectAltNames, report it as an error.
Fixes Panic: file iostream-openssl-common.c: line 177 (openssl_cert_match_name): assertion failed: (*reason_r != NULL)
Commit: c383e997be5d1b50b6cb73324c240c13bd96ea0e
https://github.com/dovecot/core/commit/c383e997be5d1b50b6cb73324c240c13bd96ea0e
Author: Aki Tuomi <aki.tuomi at dovecot.fi>
Date: 2018-04-25 (Wed, 25 Apr 2018)
Changed paths:
M src/lib-ssl-iostream/iostream-openssl.c
Log Message:
-----------
lib-ssl-iostream: Do not skip cert name check if invalid cert is allowed
Caller should be responsible for ignoring this error, not us.
All the locations calling here are dealing with this correctly.
Commit: 78d6bd63bcbcd65fa6fae9febfb2421a05ef31a2
https://github.com/dovecot/core/commit/78d6bd63bcbcd65fa6fae9febfb2421a05ef31a2
Author: Aki Tuomi <aki.tuomi at dovecot.fi>
Date: 2018-04-25 (Wed, 25 Apr 2018)
Changed paths:
M src/lib-http/test-http-client.c
Log Message:
-----------
lib-http: test-http-client - Test against missing SAN name
Add test to make sure http client validates and ignores
missing subjectAltName in cert, when not validating names.
Commit: ed6b01ce1544d9b35a8da8832cb6b649b226f58c
https://github.com/dovecot/core/commit/ed6b01ce1544d9b35a8da8832cb6b649b226f58c
Author: Aki Tuomi <aki.tuomi at dovecot.fi>
Date: 2018-04-25 (Wed, 25 Apr 2018)
Changed paths:
M src/lib-http/test-http-client.c
Log Message:
-----------
lib-http: test-http-client - Only load existing CAs
Otherwise the SSL tests do not properly work.
Fixes Error: HTTP Request failed: Couldn't initialize SSL context: Can't load CA certs from directory /etc/ssl/certs: error:02001002:system library:fopen:No such file or directory: fopen('/etc/pki/tls/cert.pem','r'), error:2006D080:BIO routines:BIO_new_file:no such file, error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
Compare: https://github.com/dovecot/core/compare/99d9e710d669...ed6b01ce1544