crypto/x509: VerifyHostname should ignore port if not present in pattern #15452

Closed
runeaune opened this issue Apr 26, 2016 · 1 comment

x509 certificate verification currently fails for requests that specify a port, unless the common name pattern in the certificate has the same port specified.

I think this is too strict. If the pattern doesn't have a port, I think the verification should pass for all requests to that host, regardless of port.

Relevant code: https://github.com/golang/go/blob/master/src/crypto/x509/verify.go#L414

@bradfitz bradfitz added this to the Unplanned milestone Apr 26, 2016
Contributor

agl commented Apr 26, 2016

X.509 certificates should only contain hostnames and VerifyHostname takes a hostname. One can use SplitHostPort to preprocess strings that may contain a port number.

@agl agl closed this as completed Apr 26, 2016
@golang golang locked and limited conversation to collaborators Apr 26, 2017
@rsc rsc unassigned agl Jun 23, 2022
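
The preprocessing suggested in the reply above, as an added example that is not part of the original thread or of the Go project's code. The helper names `hostOnly`, `verifyAddr` and `testCert`, and the host `example.test`, are assumptions made for illustration; the certificate is constructed in-process.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// hostOnly (hypothetical helper) strips an optional port ("host:443", "[::1]:443").
func hostOnly(addr string) string {
	if host, _, err := net.SplitHostPort(addr); err == nil {
		return host
	}
	return addr // no port present: pass the input through unchanged
}

// verifyAddr checks the certificate against the host part of addr only.
func verifyAddr(cert *x509.Certificate, addr string) error {
	return cert.VerifyHostname(hostOnly(addr))
}

// testCert returns a constructed self-signed certificate with one DNS SAN.
func testCert(name string) (*x509.Certificate, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	cert, err := testCert("example.test")
	if err != nil {
		panic(err)
	}
	for _, a := range []string{"example.test", "example.test:8443", "other.test:443"} {
		fmt.Printf("%-18s raw=%v split=%v\n", a, cert.VerifyHostname(a), verifyAddr(cert, a))
	}
}
```

Stripping the port changes only the string handed to `VerifyHostname`; a name the certificate does not cover is still rejected.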