Skip to content
This repository was archived by the owner on Feb 10, 2024. It is now read-only.
This repository was archived by the owner on Feb 10, 2024. It is now read-only.

SSL: The certificate's Common Name (CN) field is not verified #524

Closed
@andreyv

Description

@andreyv

HexChat doesn't check that the server-offered certificate really corresponds to the domain name HexChat is connecting to. In other words, it will accept any certificate, as long as it is signed by one of CAs that OpenSSL trusts.

Attack example: Mallet registers a domain name super.hacker.com and obtains a valid CA-signed SSL certificate for this domain. When Alice is connecting to chat.freenode.net, Mallet MITMs the connection and supplies his own certificate to Alice. Since it is not verified that the certificate actually corresponds to chat.freenode.net, verification succeeds and the secure connection is now compromised.


Want to back this issue? Place a bounty on it! We accept bounties via Bountysource.

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions