[CDRIVER-1490] Certificate SAN ipAddress for IPv6 fails Created: 23/Aug/16  Updated: 19/Oct/16  Resolved: 26/Aug/16

Status: Closed
Project: C Driver
Component/s: None
Affects Version/s: 1.4.0
Fix Version/s: 1.5.0

Type: Bug Priority: Major - P3
Reporter: Hannes Magnusson Assignee: Hannes Magnusson
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to CDRIVER-1156 TLS Improved Closed

 Description   

Both the openssl1.1 and openssl1.0 codepaths fail verifying certificates that are supposed to match IPv6 ipAddress Subject Alternative Names.

This is because of the inet_pton calls provides AF_INET, and blissfully ignores anything about IPv6.
Its trivially fixed in the OpenSSL 1.1 codepath with seperate lookup, but the OpenSSL 1.0 path is a bit more tricky as it tries to memcmp() the ASN1_STRING_data() results and inet_pton which doesn't seem to be kosher for IPv6.



 Comments   
Comment by Githook User [ 26/Aug/16 ]

Author:

{u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}

Message: CDRIVER-1490 Certificate SAN ipAddress for IPv6 fails
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/f2a01fde35a04164ee37b46cd528415c2d9d8fbf

Generated at Wed Feb 07 21:12:42 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.