[Tickets #12929] Horde_Http: Fix disabling SSL certificate hostname check
noreply at bugs.horde.org
noreply at bugs.horde.org
Tue Jan 21 13:04:24 UTC 2014
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/12929
------------------------------------------------------------------------------
Ticket | 12929
Created By | Thomas Jarosch <thomas.jarosch at intra2net.com>
Summary | Horde_Http: Fix disabling SSL certificate hostname
| check
Queue | Horde Framework Packages
Version | Git master
Type | Bug
State | Unconfirmed
Priority | 1. Low
Milestone |
Patch | 1
Owners |
------------------------------------------------------------------------------
Thomas Jarosch <thomas.jarosch at intra2net.com> (2014-01-21 13:04) wrote:
If we disable the SSL certificate verification for curl,
we should disable the hostname checking, too.
The recent curl security update for CVE-2013-4545 fixed
a bug that erroneously disabled the hostname checking
if the certificate verification was disabled.
I triggered this issue because Horde_Http no longer connected
to "localhost" over SSL as the given cert hostname was "xxx.yyy.zzz".
Thomas Jarosch <thomas.jarosch at intra2net.com> (2014-01-21 13:04)
uploaded: 0001-Fix-disabling-SSL-certificate-hostname-check.patch
http://bugs.horde.org/h/services/download/?app=whups&actionID=download_file&file=0001-Fix-disabling-SSL-certificate-hostname-check.patch&ticket=12929&fn=%2F0001-Fix-disabling-SSL-certificate-hostname-check.patch
More information about the bugs
mailing list