Loading...

XML

Word

Printable

JSON

Type: Improvement
Resolution: Unresolved
Priority: Major - P3
Fix Version/s: None
Affects Version/s: 3.0.0
Component/s: Security
Labels:
- platforms-re-triaged

Assigned Teams:

Server Security
Confidence Status:
None
Work Order:
3

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

Subject Alternative Names that are IP addresses have to be specifically identified as such. But server.pem and several others in jstests/lib have this:

        X509v3 Subject Alternative Name:
                DNS:localhost, DNS:127.0.0.1

whereas it should be:

        X509v3 Subject Alternative Name:
                DNS:localhost, IP:127.0.0.1

Correctly written clients will fail to connect on 127.0.0.1 to a server presenting this certificate.

is depended on by

JAVA-1687 Enable SSL host name verification for automated SSL tests

Closed

Assignee:: [DO NOT USE] Backlog - Security Team
Reporter:: Jeffrey Yemin
Participants:: [DO NOT USE] Backlog - Security Team, Jeffrey Yemin, Stuart Larsen
Votes:: 0 Vote for this issue
Watchers:: 13 Start watching this issue

Created:: Mar 17 2015 06:10:52 PM UTC
Updated:: Dec 06 2022 04:54:32 AM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates