Re: SSL host name checking doesn't understand wildcard subdomains?
  • Subject: Re: SSL host name checking doesn't understand wildcard subdomains?
  • From: Jens Alfke <email@hidden>
  • Date: Fri, 11 May 2012 15:52:58 -0700


On May 11, 2012, at 10:51 AM, I wrote:

> If I disable peer name verification by setting the kCFStreamSSLPeerName property to kCFNull, the connection succeeds. Presumably I can then check the hostname myself and interpret the “*” properly, but shouldn’t SecureTransport or CFNetwork be doing that?

…and, having just implemented that check, let me say that it’s not at all straightforward on iOS — because some genius in the Security team forgot to put SecCertificateCopyCommonName in the iOS public API, meaning that to get the peer name from the SSL connection you’d have to do a bunch of messy X.509 certificate parsing. Oh, joy. :-p

—Jens
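
The manual hostname check discussed above (peer name verification disabled through kCFStreamSSLPeerName, then the "*" interpreted by the application) could be written as follows. This is an added example, not code from the post or from Apple: `cert_name_matches_host` is a hypothetical helper, and it assumes the DNS name has already been extracted from the peer certificate and that certificate chain validation is left enabled.

```c
#include <stdbool.h>
#include <string.h>
#include <strings.h>   /* strcasecmp (POSIX) */

/* Hypothetical helper, not an Apple API: returns true when `pattern` (a DNS
 * name taken from the peer certificate) matches `host` (the name the client
 * intended to reach). Conservative reading of RFC 6125 section 6.4.3. */
bool cert_name_matches_host(const char *pattern, const char *host)
{
    if (pattern == NULL || host == NULL || *pattern == '\0' || *host == '\0')
        return false;

    /* No wildcard at all: plain case-insensitive comparison. */
    if (strchr(pattern, '*') == NULL)
        return strcasecmp(pattern, host) == 0;

    /* Wildcards never apply to IPv4 address literals. */
    if (strspn(host, "0123456789.") == strlen(host))
        return false;

    /* A wildcard is accepted only as the whole leftmost label: "*.rest". */
    if (pattern[0] != '*' || pattern[1] != '.')
        return false;
    const char *suffix = pattern + 1;            /* e.g. ".example.com" */
    if (strchr(suffix + 1, '*') != NULL)
        return false;                            /* a second '*' anywhere */

    /* Refuse "*.com": require at least two labels after the wildcard. */
    if (strchr(suffix + 1, '.') == NULL)
        return false;

    /* "*" stands for exactly one non-empty label, so the host's first dot
     * must be where the suffix starts and must not be the first character. */
    const char *first_dot = strchr(host, '.');
    if (first_dot == NULL || first_dot == host)
        return false;
    return strcasecmp(first_dot, suffix) == 0;
}
```

A mismatch should close the connection before any application data is sent, since with the built-in peer name check disabled this comparison is the only thing binding the certificate to the intended host.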