- Notifications
You must be signed in to change notification settings - Fork425
Verify hostname according to rfc2818#455
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
deanberris commentedOct 13, 2014
@eakraly -- Can you please make sure the travis build is green? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
You also need to change the declaration ofconnection_delegate::connect(...) to match this -- it's pure virtual there, and it causes the error.
deanberris commentedOct 13, 2014
In general, if you can run clang-format on the changes you're making (to keep it consistent with the surrounding code), then that would be most appreciated. A local build/test cycle (along with making sure Travis is happy) would also go a long way here. 😄 Thanks@eakraly! |
eakraly commentedOct 13, 2014
Just wanted to make it clear - this issue is very serious security bug in the library that allows MITM attack on all TLS connections made by the library. |
deanberris commentedOct 13, 2014
Thanks@eakraly -- yes, I understand it's serious. This makes me happy I waited before releasing 0.11.1. I'll roll a new RC soon enough. Cheers |
Verify hostname according to rfc2818
Without this check HTTPS connection is vulnerable to MITM attack when the attacker would return a valid certificate but from wrong host.