[exim-dev] [Bug 1479] hostname check missing when verifying …

Author: Phil Pennock
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 1479] hostname check missing when verifying X509 certificate
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=1479




--- Comment #4 from Phil Pennock <pdp@???> 2014-05-16 04:45:50 ---
I was a little dumb; for _verification_, it can make sense to have a list of
hostnames which might be considered valid. This should probably take a
hostlist. That way, it's easy to have a hostlist of one item, but it's
near-impossible to sanely try to verify multiple times, instead of just
iterating over a list in one verification pass.

Then for the `tls_hostname` case, it's still a hostlist and we just state that
the first element in the list will be used for SNI.

Clearly though this is not something where we have a solid enough grasp of the
API which we should commit to, so I think that, despite this API being my idea,
we should probably not put it in before the 4.83 release -- we need to bat
around the concept and driving use-cases a bit to get a firmer grasp before we
paint ourselves into nasty corners of my design.

That said, the proposed patch looks *great*, doing everything right for what I
_had_ said should be done.


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email
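
An added illustration of the hostlist idea in comment #4 (not part of the original message, not Exim code, and not the patch attached to the bug): one verification pass over a list of acceptable hostnames, with the first element used for SNI. The function names, the wildcard rule and the sample names are assumptions constructed for this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive equality for DNS names. */
static int eq_nocase(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == '\0' && *b == '\0';
}

/* Does one certificate dNSName cover one reference hostname?  A wildcard is
   honoured only as the entire left-most label, spans exactly one label, and
   must be followed by at least two labels (so "*.org" is rejected). */
static int name_matches(const char *san, const char *host)
{
    if (strncmp(san, "*.", 2) == 0) {
        const char *dot = strchr(host, '.');
        return strchr(san + 2, '.') != NULL && dot != NULL && dot != host
            && eq_nocase(san + 1, dot);
    }
    return eq_nocase(san, host);
}

/* One verification pass over the whole hostlist: index of the first
   acceptable hostname the certificate covers, or -1 if it covers none. */
int verify_hostlist(const char *const *sans, size_t nsans,
                    const char *const *hosts, size_t nhosts)
{
    for (size_t h = 0; h < nhosts; h++)
        for (size_t s = 0; s < nsans; s++)
            if (name_matches(sans[s], hosts[h]))
                return (int)h;
    return -1;
}

/* Constructed sample data: acceptable names, and the names in a peer cert. */
const char *const hostlist[]  = { "mail.example.org", "mx1.example.net" };
const char *const cert_sans[] = { "*.example.net", "smtp.example.com" };

int main(void)
{
    printf("SNI name: %s\n", hostlist[0]);  /* first element drives SNI */
    printf("matched hostlist index: %d\n",
           verify_hostlist(cert_sans, 2, hostlist, 2));
    return 0;
}
```

With the constructed data, SNI would carry the first hostlist entry while the certificate is accepted on the second, which is the case a single-hostname check cannot express.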