Minor fix to how we verify hostnames #197

Merged
sloum merged 2 commits from tls-commonname-check into release2.3.3 2020-11-06 03:28:33 +00:00
1 changed files with 2 additions and 2 deletions


@ -78,7 +78,7 @@ func (t *TofuDigest) Match(host, localCert string, cState *tls.ConnectionState)
return fmt.Errorf("EXP") return fmt.Errorf("EXP")
} }
if err := cert.VerifyHostname(host); err != nil { if err := cert.VerifyHostname(host); err != nil && cert.Subject.CommonName != host {
return fmt.Errorf("Certificate error: %s", err) return fmt.Errorf("Certificate error: %s", err)
} }
@ -107,7 +107,7 @@ func (t *TofuDigest) newCert(host string, cState *tls.ConnectionState) error {
continue continue
} }
if err := cert.VerifyHostname(host); err != nil { if err := cert.VerifyHostname(host); err != nil && cert.Subject.CommonName != host {
reasons.WriteString(fmt.Sprintf("Cert [%d] hostname does not match", index+1)) reasons.WriteString(fmt.Sprintf("Cert [%d] hostname does not match", index+1))
continue continue
} }
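Review bot: The CommonName fallback added to the hostname checks in `Match` and `newCert` accepts a certificate whose subjectAltName list does not cover `host`, as long as its Subject CN is the same string. That is broader than the legacy behaviour it presumably restores: before Go's x509 package stopped consulting the CN, it did so only for certificates that carried no SANs. I would restrict the fallback to SAN-less certificates, e.g. `if err := cert.VerifyHostname(host); err != nil && (len(cert.DNSNames) > 0 || len(cert.IPAddresses) > 0 || cert.Subject.CommonName != host) {`, and add a comment above it such as `// CN fallback for legacy SAN-less certs only; SANs, when present, are authoritative`. The CN comparison is also an exact, case-sensitive match, so a mixed-case or trailing-dot `host` will still be rejected; normalising both sides or using `strings.EqualFold` would make that deliberate. Both functions start and end outside the visible hunks, so how `host` is normalised upstream should be confirmed.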