[Pkg-openssl-devel] Bug#691964: openssl: s_client does not verify server hostname against certificate
Michal Suchanek
michal.suchanek at ruk.cuni.cz
Wed Oct 31 18:37:25 UTC 2012
Package: openssl
Version: 1.0.1c-4
Severity: important
Hello,
I tried to get certificate validation working in an application using
OpenSSL.
I added to call the verification routine and it rejects invalid
certificates all right but forwarding the server connection through
local inetd+nc does not produce an error.
Looking for working applications I tried openssl s_client and it
verifies the hijacked connection too.
Is there any example of application using openssl that can correcly
verify server certificates at all?
Thanks
Michal
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (910, 'testing'), (900, 'stable'), (410, 'unstable'), (200, 'experimental'), (150, 'precise-updates'), (150, 'precise-security'), (150, 'precise')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.5-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages openssl depends on:
ii libc6 2.13-35
ii libssl1.0.0 1.0.1c-4
ii zlib1g 1:1.2.7.dfsg-13
openssl recommends no packages.
Versions of packages openssl suggests:
ii ca-certificates 20120623
-- no debconf information
More information about the Pkg-openssl-devel
mailing list