Red Hat Bugzilla – Bug 1019975
socat: add TLS host name checks
Last modified: 2017-10-03 21:25:07 EDT
Currently, socat does not print an error message when the certificate does not match the host name. This is mitigated by the fact that the system CA certificate store is not used (bug 1019964).
Host name checking probably needs to be made optional, or the check could be overridden by specifying an explicit (non-CA) certificate or its SHA-256 hash.
This has been fixed in socat version 220.127.116.11. Socat now checks the servername(s) in the certificates.
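
The policy discussed in this bug (require a host name match, but let an explicitly pinned certificate hash override it) is sketched below as an added example; it is not socat's code. The function names, the sample names and the sample certificate bytes are constructed for illustration, and the code assumes the dNSName entries have already been extracted from a certificate whose chain validated.

```python
import hashlib
import hmac


def dns_name_matches(pattern: str, host: str) -> bool:
    """Match one certificate dNSName against the host name the client asked for."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # A wildcard covers exactly one left-most label and needs at least
        # two further labels, so "*.test" never matches "example.test".
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def peer_acceptable(cert_der, dns_names, host, pin_sha256=None):
    """Decide whether a peer certificate may be used for `host`.

    Assumption of this sketch: when a SHA-256 pin is supplied it replaces
    the host name check entirely, as the bug report proposes.
    """
    if pin_sha256 is not None:
        digest = hashlib.sha256(cert_der).hexdigest()
        wanted = pin_sha256.replace(":", "").lower()
        # Constant-time comparison of the two hex strings.
        return hmac.compare_digest(digest, wanted)
    return any(dns_name_matches(name, host) for name in dns_names)


# Constructed sample data: opaque bytes stand in for a DER certificate.
SAMPLE_CERT = b"constructed-bytes-not-a-real-certificate"
SAMPLE_NAMES = ["www.example.test", "*.internal.example.test"]
SAMPLE_PIN = hashlib.sha256(SAMPLE_CERT).hexdigest()

if __name__ == "__main__":
    for host in ("www.example.test", "db.internal.example.test",
                 "a.b.internal.example.test", "other.example.net"):
        print(host, peer_acceptable(SAMPLE_CERT, SAMPLE_NAMES, host))
    # A matching pin accepts the peer even though no name matches.
    print(peer_acceptable(SAMPLE_CERT, [], "other.example.net", SAMPLE_PIN))
```
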