Bug 636260 – In TLS verification host name matching should happen last

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 636260 - In TLS verification host name matching should happen last


Summary:	In TLS verification host name matching should happen last


Status:	RESOLVED DUPLICATE of bug 636258

Product:	empathy
Classification:	Core
Component:	Auth client
Version:	unspecified
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	empathy-maint
QA Contact:

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2010-12-01 22:32 UTC by Stef Walter
Modified:	2010-12-13 20:45 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Stef Walter 2010-12-01 22:32:19 UTC

Host name matching currently happens before checking whether the certificate is otherwise valid.

This encourages bad behavior by prompting people to examine the certificate and say "Hmmm, well it's just the name that doesn't match" and then 'Continue'. When it could have been a completely invalid certificate.

Comment 1 Stef Walter 2010-12-13 20:45:21 UTC

This will be fixed by bug #636258

*** This bug has been marked as a duplicate of bug 636258 ***