Skip to content
Permalink
Browse files

MDEV-18131 MariaDB does not verify IP addresses from subject alternat…

…ive names
  • Loading branch information...
vaintroub committed Apr 24, 2019
1 parent d1de8bd commit b50871611764d282874ad095d6c021163d1fe354
Showing with 2 additions and 1 deletion.
  1. +2 −1 libmariadb/secure/openssl.c
@@ -812,7 +812,8 @@ int ma_tls_verify_server_cert(MARIADB_TLS *ctls)
return 1;
}
#ifdef HAVE_OPENSSL_CHECK_HOST
if (X509_check_host(cert, mysql->host, 0, 0, 0) != 1)
if (X509_check_host(cert, mysql->host, 0, 0, 0) != 1
&& X509_check_ip_asc(cert, mysql->host, 0) != 1)
goto error;
#else
x509sn= X509_get_subject_name(cert);

0 comments on commit b508716

Please sign in to comment.
You can’t perform that action at this time.