GNOME Bugzilla – Bug 339663
Wildcard SSL certificates are not accepted
Last modified: 2006-07-20 01:21:43 UTC
Please describe the problem:
Connecting to an FTP server over TLS/SSL which uses a wildcard SSL certificate (*.domain.tld) and having the "Verify SSL Peer" option active will not work. gFTP will abort the connection.

Steps to reproduce:
1. Find or set up a server using a wildcard SSL certificate
2. Make sure the "Verify SSL Peer" option is on
3. Connect to the host

Actual results:
gFTP aborts the connection with the following error message:

ERROR: The host in the SSL certificate (*.domain.tld) does not match the host that we connected to (ftp.domain.tld). Aborting connection.

Expected results:
gFTP should honour wildcards in the certificate's domain name (CN / common name entry) and continue checking the remaining certificate values (CA etc.).

Does this happen every time?
This problem is always reproducible.

Other information:
Created attachment 67629
Patch adding support for wildcard certificates

As there is still no reaction to this issue, I fixed the issue by myself. My (rather simple) solution is attached.
Created attachment 67633

Just noticed it'd be better to include the dot in the comparison. Using the cert *.example.com and connecting to evilexample.com would be possible. Now the host has to be evil.example.com to be recognized as a valid host name, as intended.
I added this patch to CVS. Thanks and sorry about the delay.
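
The difference the second attachment comment describes (comparing the suffix with or without the leading dot), as an added example that is not the gFTP patch or any code from this bug. The function names are hypothetical, the host names are constructed, and the one-label restriction on `*` goes beyond what the comment states; it follows the usual wildcard matching rule.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp (POSIX) */

/* Hypothetical helper: compares only "example.com", without the dot. */
static int match_without_dot(const char *cn, const char *host)
{
    if (strncmp(cn, "*.", 2) != 0)
        return strcasecmp(cn, host) == 0;      /* no wildcard: exact match */
    const char *suffix = cn + 2;               /* "example.com" */
    size_t hl = strlen(host), sl = strlen(suffix);
    return hl > sl && strcasecmp(host + hl - sl, suffix) == 0;
}

/* Hypothetical helper: keeps the dot in the compared suffix and lets
 * '*' stand for exactly one non-empty label. */
static int match_with_dot(const char *cn, const char *host)
{
    if (strncmp(cn, "*.", 2) != 0)
        return strcasecmp(cn, host) == 0;
    const char *suffix = cn + 1;               /* ".example.com" */
    size_t hl = strlen(host), sl = strlen(suffix);
    if (hl <= sl || strcasecmp(host + hl - sl, suffix) != 0)
        return 0;
    return memchr(host, '.', hl - sl) == NULL; /* '*' must not span a dot */
}

int main(void)
{
    /* Constructed sample host names, not taken from any real server. */
    const char *cn = "*.example.com";
    const char *hosts[] = { "ftp.example.com", "evil.example.com",
                            "evilexample.com", "a.b.example.com",
                            "example.com" };
    for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("%-18s without dot: %d  with dot: %d\n", hosts[i],
               match_without_dot(cn, hosts[i]),
               match_with_dot(cn, hosts[i]));
    return 0;
}
```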