mirror of
https://repo.or.cz/socat.git
synced 2025-07-22 02:22:57 +00:00
Check OpenSSL peers commonName+subjectAltName; new option openssl-commonname
parent
05afec429d
commit
2f40a439cb
13 changed files with 535 additions and 195 deletions
13
CHANGES
|
@ -18,6 +18,17 @@ security:
|
|||
Turn off nested signal handler invocations
|
||||
Thanks to Peter Lobsinger for reporting and explaining this issue.
|
||||
|
||||
Red Hat issue 1019975: add TLS host name checks
|
||||
OpenSSL client checks if the server certificates names in
|
||||
extensions/subjectAltName/DNS or in subject/commonName match the name
|
||||
used to connect or the value of the openssl-commonname option.
|
||||
Test: OPENSSL_CN_CLIENT_SECURITY
|
||||
|
||||
OpenSSL server checks if the client certificates names in
|
||||
extensions/subjectAltNames/DNS or subject/commonName match the value of
|
||||
the openssl-commonname option when it is used.
|
||||
Test: OPENSSL_CN_SERVER_SECURITY
|
||||
|
||||
new features:
|
||||
OpenSSL addresses set couple of environment variables from values in
|
||||
peer certificate, e.g.:
|
||||
|
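Review bot: The two new paragraphs under "Red Hat issue 1019975" name the extension inconsistently: the client paragraph says "extensions/subjectAltName/DNS" and the server paragraph says "extensions/subjectAltNames/DNS". Pick one spelling (the extension is called subjectAltName), and write "server certificate's names" and "client certificate's names". The entry also leaves unstated two things users will depend on: what happens to the connection when no name matches, and that the server performs no name check at all unless openssl-commonname is given. Because only the DNS entries of subjectAltName are mentioned, please also say whether a client that connects by IP address can match, or whether it has to set openssl-commonname.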
@ -1033,7 +1044,7 @@ further corrections:
|
|||
ftp.sh script supports proxy address
|
||||
|
||||
man page no longer installed with execute permissions (thanks to Peter
|
||||
Bray)
|
||||
Bray)
|
||||
|
||||
fixed a malloc call bug that could cause SIGSEGV or false "out of
|
||||
memory" errors on EXEC and SYSTEM, depending on program name length and
|
||||
|
|
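Review bot: The only changed line in this hunk is "Bray)" in the man page permissions entry, and its old and new forms read the same, so this looks like a whitespace-only edit. It is unrelated to the TLS name checks this commit introduces. Consider moving it to a separate cleanup commit so the security fix stays easy to review and backport.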