crypto/x509: VerifyHostname should ignore port if not present in pattern #15452

Closed
runeaune opened this issue Apr 26, 2016 · 1 comment


@runeaune runeaune commented Apr 26, 2016

x509 certificate verification currently fails for requests that specify a port, unless the common name pattern in the certificate has the same port specified.

I think this is too strict. If the pattern doesn't have a port, I think the verification should pass for all requests to that host, regardless of port.

Relevant code: https://github.com/golang/go/blob/master/src/crypto/x509/verify.go#L414

@bradfitz bradfitz added this to the Unplanned milestone Apr 26, 2016
Contributor

@agl agl commented Apr 26, 2016

X.509 certificates should only contain hostnames and VerifyHostname takes a hostname. One can use SplitHostPort to preprocess strings that may contain a port number.

@agl agl closed this Apr 26, 2016
@golang golang locked and limited conversation to collaborators Apr 26, 2017
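
The preprocessing suggested in the reply above, as an added example that is not part of the original thread or of the Go project's code: a `host:port` string fails `VerifyHostname` against a certificate that carries only the hostname, and passes once `net.SplitHostPort` has removed the port. The helper names `hostOnly` and `newTestCert` and the name `example.test` are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// hostOnly (hypothetical helper) strips an optional ":port"; input without one is returned unchanged.
func hostOnly(addr string) string {
	if h, _, err := net.SplitHostPort(addr); err == nil {
		return h
	}
	return addr
}

// newTestCert builds a constructed, self-signed certificate with one DNS SAN.
func newTestCert(dnsName string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		DNSNames:     []string{dnsName},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	cert, err := newTestCert("example.test") // constructed sample name
	if err != nil {
		panic(err)
	}
	for _, addr := range []string{"example.test:8443", "example.test", "other.test:8443"} {
		fmt.Printf("%-18s raw: %v | host only: %v\n", addr, cert.VerifyHostname(addr), cert.VerifyHostname(hostOnly(addr)))
	}
}
```

Stripping the port only normalizes the input: a name the certificate does not cover, such as `other.test:8443` here, is still rejected after preprocessing.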