Google Git
Sign in
chromium / chromiumos / third_party / tlsdate / 6d92043eb5736f293c39814c7818a3686aedb184
commit6d92043eb5736f293c39814c7818a3686aedb184[log] [tgz]
authorelly <elly@leptoquark.net>Wed Feb 27 15:50:25 2013
committerChromeBot <chrome-bot@google.com>Thu Feb 28 21:43:23 2013
treeefda76ff82f69bbb21c40d376ee944dff6870c7b
parentbf90bd29fd4fa6b0f5ddf5d5bf362cc0514a769c [diff]
BACKPORT: tlsdate-helper: fix SAN checking

Right now, SAN checking checks against the host we're opening a socket to
instead of the host we're actually trying to talk to, which is fine... as long
as we don't have a proxy. Note that this problem only manifests for hosts whose
CN is not equal to their hostname (so the default host of www.ptb.de is fine).

To observe the problem:
$ ssh -D 127.0.0.1:30000 somehost
$ tlsdate -H clients3.google.com -x socks5://127.0.0.1:30000
hostname verification failed for host 127.0.0.1!
child process failed in SSL handshake

With this fix, you instead see no output.

BUG=chromium-os:38801
TEST=adhoc
Test steps given above.

Signed-off-by: Elly Fong-Jones <ellyjones@chromium.org>
(cherry picked from commit ceb1fe26c3136fc206101b757bdae298e729acf9)

Change-Id: If57d7cc6a8c12bbbcefa95bb8414a37445434eb4
Reviewed-on: https://gerrit.chromium.org/gerrit/44277
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Tested-by: Elly Jones <ellyjones@chromium.org>
Commit-Queue: Elly Jones <ellyjones@chromium.org>
1 file changed
tree: efda76ff82f69bbb21c40d376ee944dff6870c7b
  1. ca-roots/
  2. etc/
  3. m4/
  4. man/
  5. src/
  6. .gitignore
  7. apparmor-profile
  8. AUTHORS
  9. autogen.sh
  10. CHANGELOG
  11. configure.ac
  12. HACKING
  13. INSTALL
  14. LICENSE
  15. Makefile.am
  16. README
  17. tlsdate-seccomp-amd64.policy
  18. tlsdate-seccomp-arm.policy
  19. tlsdate-seccomp-x86.policy
  20. TLSDATEPOOL
  21. TODO