trusted_hosts should determine hostname from certificate CN on SSL requests
trusted_hosts is based on reverse DNS, but when requests come in over HTTPS, the CN should be parsed from the certificate's DN and used for comparison against the trusted hosts list.
Fixes #7849 - re-factor trusted_hosts handling
On HTTPS we will get the FQDN from the client certificate and check against the
While on HTTP we will perform both reverse DNS and forward DNS lookup to verify
the client may talk to us.
Additionally the forward_verify of DNS can be disabled.
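The two paths described above (CN from the client certificate on HTTPS, reverse plus forward DNS on HTTP, with forward verification optional), as an added example that is not the project's own code. The function names, the `resolver` interface, the stub resolver and the env key names (`HTTPS`, `SSL_CLIENT_S_DN`, `REMOTE_ADDR`) are assumptions made for illustration.

```ruby
require 'openssl'
require 'ipaddr'

# Extract the single CN from a subject DN in either "/C=../CN=.." or
# RFC 2253 ("CN=..,O=..") form. Zero or several CNs -> nil (ambiguous).
def cn_from_dn(dn)
  parser = dn.start_with?('/') ? :parse_openssl : :parse_rfc2253
  cns = OpenSSL::X509::Name.public_send(parser, dn).to_a.select { |attr, _v, _t| attr == 'CN' }
  cns.size == 1 ? cns.first[1].downcase : nil
rescue OpenSSL::X509::NameError, TypeError
  nil
end

# Decide which FQDN a request is attributed to.
# env keys (HTTPS, SSL_CLIENT_S_DN, REMOTE_ADDR) are assumed CGI/Rack-style names.
def client_fqdn(env, resolver:, forward_verify: true)
  if env['HTTPS'].to_s =~ /\A(yes|on|1)\z/i
    # Assumes the TLS layer already verified the client certificate chain.
    dn = env['SSL_CLIENT_S_DN']
    return dn ? cn_from_dn(dn) : nil
  end
  ip = env['REMOTE_ADDR']
  name = resolver.names(ip).first
  return nil unless name
  name = name.downcase.chomp('.')
  return name unless forward_verify
  # Forward-confirm: the PTR name must resolve back to the connecting address.
  confirmed = resolver.addresses(name).any? { |a| IPAddr.new(a) == IPAddr.new(ip) }
  confirmed ? name : nil
end

# A request is trusted only if its attributed FQDN is on the trusted hosts list.
def trusted?(env, trusted_hosts, **opts)
  fqdn = client_fqdn(env, **opts)
  !fqdn.nil? && trusted_hosts.map(&:downcase).include?(fqdn)
end

# Constructed stub resolver (hypothetical interface) so the example runs offline.
StubResolver = Struct.new(:ptr, :fwd) do
  def names(ip)
    ptr.fetch(ip, [])
  end

  def addresses(name)
    fwd.fetch(name, [])
  end
end
```

A live resolver with the same two methods can wrap `Resolv.getnames` and `Resolv.getaddresses` from the Ruby standard library.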
#2 Updated by Markus Frosch about 6 years ago
#8 Updated by Markus Frosch almost 6 years ago
Finally(!!) had the time to work on the thing.
Should I open a PR or should we take care of additional tests?
I'm not sure how the test suite works though.