Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

curl built with mbedtls fails on https://1.1.1.1/ (IP address in SubjectAltName) #6473

Closed
busylog opened this issue Oct 22, 2022 · 3 comments
Closed

curl built with mbedtls fails on https://1.1.1.1/ (IP address in SubjectAltName) #6473

busylog opened this issue Oct 22, 2022 · 3 comments

Comments

@busylog
Copy link

busylog commented Oct 22, 2022

Suggested enhancement

support ip address in x509_crt_verify_name, for curl https://1.1.1.1

Justification

openwrt/packages#19677
@gilles-peskine-arm
Copy link
Contributor

This has already been requested: #5082 . Pull requests welcome.

@gilles-peskine-arm gilles-peskine-arm closed this as not planned Won't fix, can't repro, duplicate, stale Oct 22, 2022
This was referenced Oct 23, 2022
Open
Closed
@gstrauss gstrauss mentioned this issue Oct 28, 2022
Merged
@gstrauss
Copy link
Contributor

gstrauss commented Feb 2, 2023

This has already been requested: #5082 . Pull requests welcome.

Please see PR #6475 X509 crt verify SAN iPAddress with code and tests filed back in Oct 2022.

hauke pushed a commit to gstrauss/openwrt-libs that referenced this issue Feb 3, 2023
@gstrauss @hauke
mbedtls: x509 crt verify SAN iPAddress
2a691fc 
backport from
X509 crt verify SAN iPAddress
Mbed-TLS/mbedtls#6475

addresses
curl built with mbedtls fails on https://1.1.1.1/ (IP address in SubjectAltName)
Mbed-TLS/mbedtls#6473

filed for
mbedTLS: BADCERT_CN_MISMATCH on https://1.1.1.1 with curl+mbedtls
openwrt/packages#19677

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
ABu33 pushed a commit to ABu33/openwrt that referenced this issue Feb 3, 2023
@gstrauss @ABu33
mbedtls: x509 crt verify SAN iPAddress
b306434 
backport from
X509 crt verify SAN iPAddress
Mbed-TLS/mbedtls#6475

addresses
curl built with mbedtls fails on https://1.1.1.1/ (IP address in SubjectAltName)
Mbed-TLS/mbedtls#6473

filed for
mbedTLS: BADCERT_CN_MISMATCH on https://1.1.1.1 with curl+mbedtls
openwrt/packages#19677

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
Vladdrako pushed a commit to Vladdrako/openwrt that referenced this issue Feb 5, 2023
@gstrauss @Vladdrako
mbedtls: x509 crt verify SAN iPAddress
a250af7 
backport from
X509 crt verify SAN iPAddress
Mbed-TLS/mbedtls#6475

addresses
curl built with mbedtls fails on https://1.1.1.1/ (IP address in SubjectAltName)
Mbed-TLS/mbedtls#6473

filed for
mbedTLS: BADCERT_CN_MISMATCH on https://1.1.1.1 with curl+mbedtls
openwrt/packages#19677

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
Arie pushed a commit to Arie/openwrt-rb5009 that referenced this issue Feb 8, 2023
@gstrauss @Arie
mbedtls: x509 crt verify SAN iPAddress
615a1b8 
backport from
X509 crt verify SAN iPAddress
Mbed-TLS/mbedtls#6475

addresses
curl built with mbedtls fails on https://1.1.1.1/ (IP address in SubjectAltName)
Mbed-TLS/mbedtls#6473

filed for
mbedTLS: BADCERT_CN_MISMATCH on https://1.1.1.1 with curl+mbedtls
openwrt/packages#19677

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
1582130940 pushed a commit to 1582130940/OpenWrt-Lean that referenced this issue Mar 2, 2023
@gstrauss @1582130940
mbedtls: x509 crt verify SAN iPAddress
d8722b6 
backport from
X509 crt verify SAN iPAddress
Mbed-TLS/mbedtls#6475

addresses
curl built with mbedtls fails on https://1.1.1.1/ (IP address in SubjectAltName)
Mbed-TLS/mbedtls#6473

filed for
mbedTLS: BADCERT_CN_MISMATCH on https://1.1.1.1 with curl+mbedtls
openwrt/packages#19677

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
1582130940 pushed a commit to 1582130940/OpenWrt-Lean that referenced this issue Mar 9, 2023
@gstrauss @1582130940
mbedtls: x509 crt verify SAN iPAddress
b79553f 
backport from
X509 crt verify SAN iPAddress
Mbed-TLS/mbedtls#6475

addresses
curl built with mbedtls fails on https://1.1.1.1/ (IP address in SubjectAltName)
Mbed-TLS/mbedtls#6473

filed for
mbedTLS: BADCERT_CN_MISMATCH on https://1.1.1.1 with curl+mbedtls
openwrt/packages#19677

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
1582130940 pushed a commit to 1582130940/OpenWrt-Lean that referenced this issue Mar 10, 2023
@gstrauss @1582130940
mbedtls: x509 crt verify SAN iPAddress
0b4d49e 
backport from
X509 crt verify SAN iPAddress
Mbed-TLS/mbedtls#6475

addresses
curl built with mbedtls fails on https://1.1.1.1/ (IP address in SubjectAltName)
Mbed-TLS/mbedtls#6473

filed for
mbedTLS: BADCERT_CN_MISMATCH on https://1.1.1.1 with curl+mbedtls
openwrt/packages#19677

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
1582130940 pushed a commit to 1582130940/OpenWrt-Lean that referenced this issue Mar 15, 2023
@gstrauss @1582130940
mbedtls: x509 crt verify SAN iPAddress
f6f5a22 
backport from
X509 crt verify SAN iPAddress
Mbed-TLS/mbedtls#6475

addresses
curl built with mbedtls fails on https://1.1.1.1/ (IP address in SubjectAltName)
Mbed-TLS/mbedtls#6473

filed for
mbedTLS: BADCERT_CN_MISMATCH on https://1.1.1.1 with curl+mbedtls
openwrt/packages#19677

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
1582130940 pushed a commit to 1582130940/OpenWrt-Lean that referenced this issue Mar 17, 2023
@gstrauss @1582130940
mbedtls: x509 crt verify SAN iPAddress
796d1d3 
backport from
X509 crt verify SAN iPAddress
Mbed-TLS/mbedtls#6475

addresses
curl built with mbedtls fails on https://1.1.1.1/ (IP address in SubjectAltName)
Mbed-TLS/mbedtls#6473

filed for
mbedTLS: BADCERT_CN_MISMATCH on https://1.1.1.1 with curl+mbedtls
openwrt/packages#19677

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
1582130940 pushed a commit to 1582130940/OpenWrt-Lean that referenced this issue Mar 17, 2023
@gstrauss @1582130940
mbedtls: x509 crt verify SAN iPAddress
13c2fb0 
backport from
X509 crt verify SAN iPAddress
Mbed-TLS/mbedtls#6475

addresses
curl built with mbedtls fails on https://1.1.1.1/ (IP address in SubjectAltName)
Mbed-TLS/mbedtls#6473

filed for
mbedTLS: BADCERT_CN_MISMATCH on https://1.1.1.1 with curl+mbedtls
openwrt/packages#19677

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
1582130940 pushed a commit to 1582130940/OpenWrt-Lean that referenced this issue Mar 17, 2023
@gstrauss @1582130940
mbedtls: x509 crt verify SAN iPAddress
1cd62cb 
backport from
X509 crt verify SAN iPAddress
Mbed-TLS/mbedtls#6475

addresses
curl built with mbedtls fails on https://1.1.1.1/ (IP address in SubjectAltName)
Mbed-TLS/mbedtls#6473

filed for
mbedTLS: BADCERT_CN_MISMATCH on https://1.1.1.1 with curl+mbedtls
openwrt/packages#19677

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
1582130940 pushed a commit to 1582130940/OpenWrt-Lean that referenced this issue Mar 18, 2023
@gstrauss @1582130940
mbedtls: x509 crt verify SAN iPAddress
b1f761a 
backport from
X509 crt verify SAN iPAddress
Mbed-TLS/mbedtls#6475

addresses
curl built with mbedtls fails on https://1.1.1.1/ (IP address in SubjectAltName)
Mbed-TLS/mbedtls#6473

filed for
mbedTLS: BADCERT_CN_MISMATCH on https://1.1.1.1 with curl+mbedtls
openwrt/packages#19677

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
@gstrauss
Copy link
Contributor

#6475 and #7436 have been merged into development branch for mbedtls-3.x

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gstrauss @gilles-peskine-arm @busylog