Golang CertChecker hostname validation differs to OpenSSH
Michael Ströder
michael at stroeder.com
Mon May 15 20:42:40 AEST 2017
Adam Eijdenberg wrote:
> I think this is what "check_host_cert()" does, and as far as I can tell,
> OpenSSH only passes it the hostname (not "host:port").
>
> (for better or for worse, this would be roughly in line with X.509v3
> cert host matching, which also doesn't match on port numbers)
If possible, OpenSSH IMO should not reproduce this particular deficiency of the TLS hostname check.
Ciao, Michael.