Project

General

Profile

Actions

Feature #7849

closed

trusted_hosts should determine hostname from certificate CN on SSL requests

Added by Dominic Cleal about 10 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Security
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

trusted_hosts is based on reverse DNS, but when requests come in over HTTPS, the CN should be parsed from the certificate's DN and used for comparison against the trusted hosts list.


Related issues 3 (1 open2 closed)

Related to Smart Proxy - Bug #7822: CVE-2014-3691 - Smart proxy doesn't perform verification of client SSL certificate on API requestsClosedDominic Cleal10/06/2014Actions
Related to Smart Proxy - Bug #9919: trusted host test can hang during DNS lookupClosedDominic Cleal03/27/2015Actions
Related to Smart Proxy - Feature #11039: Support more specific authorization of wildcard certificatesNew07/07/2015Actions
Actions

Also available in: Atom PDF