generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

- Sven Anders reported that we introduced a cert verfication flaw for OpenSSL-

Browse Source 
powered libcurl in 7.19.6. If there was a X509v3 Subject Alternative Name
  field in the certficate it had to match and so even if non-DNS and non-IP
  entry was present it caused the verification to fail.
This commit is contained in:
Daniel Stenberg
2009-09-16 20:44:18 +00:00
parent c2c3a46e3e
commit 250ba99498
3 changed files with 19 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
RELEASE-NOTES
View File

@@ -28,6 +28,7 @@ This release includes the following bugfixes:
o configure uses pkg-config for cross-compiles as well
o improved NSS detection in configure
o cookie expiry date at 1970-jan-1 00:00:00
o libcurl-OpenSSL failed to verify some certs with Subject Alternative Name
This release includes the following known bugs:
@@ -38,6 +39,6 @@ advice from friends like these:
Karl Moerder, Kamil Dudka, Krister Johansen, Andre Guibert de Bruet,
Michal Marek, Eric Wong, Guenter Knauf, Peter Sylvester, Daniel Johnson,
Claes Jakobsson
Claes Jakobsson, Sven Anders
Thanks! (and sorry if I forgot to mention someone)