Bug 1019975 - socat: add TLS host name checks
Status: MODIFIED
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: socat
Version: 7.0
Target Milestone: rc
Assigned To: Paul Wouters
QA Contact: BaseOS QE Security Team
Blocks: 1019961
Reported: 2013-10-16 13:40 EDT by Florian Weimer
Modified: 2017-10-03 21:25 EDT
Fixed In Version: 1.7.3.1-1
Type: Bug
Description Florian Weimer 2013-10-16 13:40:17 EDT
Currently, socat does not print an error message when the certificate does not match the host name. This is mitigated by the fact that the system CA certificate store is not used (bug 1019964).

Host name checking probably needs to be made optional, or the check could be overridden by specifying an explicit (non-CA) certificate or its SHA-256 hash.
Comment 4 Gerhard 2015-01-24 15:31:44 EST
This has been fixed in socat version 1.7.3.0. Socat now checks the servername(s) in the certificates.
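The policy proposed in the description (check the host name, unless an explicit certificate hash is supplied) can be sketched as follows. This is an added example, not socat's code: the function names, the sample certificate dict and the placeholder bytes are assumptions, and the name check presumes chain validation has already succeeded.

```python
import hashlib
from typing import Optional


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Compare one DNS name from a certificate with the requested host name."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # The wildcard stands for exactly one left-most label and needs two
        # literal labels after it, so "*.com" matches nothing.
        return len(p) >= 3 and p[1:] == h[1:]
    # Partial wildcards such as "w*.example.com" are rejected outright.
    return "*" not in pattern and p == h


def peer_accepted(cert: dict, der: bytes, hostname: str,
                  pinned_sha256: Optional[str] = None) -> bool:
    """Accept or reject a peer certificate.

    cert: dict shaped like the result of ssl.SSLSocket.getpeercert();
    der: the same certificate as bytes, as from getpeercert(binary_form=True).
    """
    if pinned_sha256 is not None:
        # An explicit pin replaces the name check: only this exact
        # certificate passes, whatever names it carries.
        want = pinned_sha256.replace(":", "").lower()
        return hashlib.sha256(der).hexdigest() == want
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return any(dns_name_matches(n, hostname) for n in names)


# Constructed sample data, not taken from a real server.
SAMPLE_CERT = {"subjectAltName": (("DNS", "www.example.com"),
                                  ("DNS", "*.internal.example.com"))}
SAMPLE_DER = b"constructed placeholder bytes standing in for a DER certificate"
SAMPLE_PIN = hashlib.sha256(SAMPLE_DER).hexdigest()

if __name__ == "__main__":
    for host in ("www.example.com", "db.internal.example.com", "other.example.net"):
        print(host, peer_accepted(SAMPLE_CERT, SAMPLE_DER, host))
    print("pinned:", peer_accepted(SAMPLE_CERT, SAMPLE_DER,
                                   "other.example.net", SAMPLE_PIN))
```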
