Bug 47051 - "Subject Alternative Name" not used while checking certificate
Status: RESOLVED DUPLICATE of bug 32652
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_ssl
Version: 2.2-HEAD
Hardware: All All
Importance: P2 enhancement
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Keywords: FixedInTrunk
Reported: 2009-04-19 05:00 UTC by Björn
Modified: 2011-09-28 06:57 UTC

Attachments
a patch to mod_ssl search for the server's hostname in the Subject Alternative Name extension of a x509v3 certificate. (3.67 KB, patch)
2009-04-19 05:00 UTC, Björn

Description Björn 2009-04-19 05:00:33 UTC
Created attachment 23511
a patch to mod_ssl search for the server's hostname in the Subject Alternative Name extension of a x509v3 certificate.

mod_ssl checks the common name part of the server certificate's subject field if it matches the server hostname. Some x509v3 certificates provide an extension that may specify additional server names. Those names can be searched additionally.

(I hope the patch meets apache's coding and quality guidelines.)
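
The startup-time name check this report describes, as an added Python example that is not part of the report or of mod_ssl: it compares a configured server name with the certificate's common name only, then with the common name plus the Subject Alternative Name dNSName entries. The certificate dict (in the shape returned by Python's `ssl.SSLSocket.getpeercert()`), the function names, the sample names and the leftmost-label wildcard rule are assumptions that go beyond what the report states.

```python
# Added illustration; not mod_ssl code. Certificates are dicts in the shape
# returned by Python's ssl.SSLSocket.getpeercert(). All names are hypothetical.

def common_names(cert):
    """Return every commonName value from the certificate subject."""
    return [value
            for rdn in cert.get("subject", ())
            for key, value in rdn
            if key == "commonName"]


def san_dns_names(cert):
    """Return the dNSName entries of the Subject Alternative Name extension."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def name_matches(pattern, hostname):
    """Case-insensitive match; '*' is accepted only as the whole leftmost label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Assumption: a wildcard needs at least two fixed labels after it.
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def should_warn(server_name, cert, use_san):
    """True if a startup check would report a hostname/certificate mismatch."""
    candidates = common_names(cert)
    if use_san:
        candidates += san_dns_names(cert)
    return not any(name_matches(c, server_name) for c in candidates)


# Constructed sample: one certificate shared by several name-based vhosts.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Org"),),
                (("commonName", "www.example.org"),)),
    "subjectAltName": (("DNS", "www.example.org"), ("DNS", "mail.example.org"),
                       ("DNS", "*.apps.example.org"), ("IP Address", "192.0.2.10")),
}

if __name__ == "__main__":
    for vhost in ("www.example.org", "mail.example.org",
                  "Shop.apps.example.org", "other.example.net"):
        print(vhost, "CN-only warn:", should_warn(vhost, SAMPLE_CERT, False),
              "CN+SAN warn:", should_warn(vhost, SAMPLE_CERT, True))
```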
Comment 1 Andreas Kuckartz 2010-11-14 12:57:59 UTC
Is this issue from April 2009 really still not resolved?

Firesheep will be happy ...
Comment 2 Eric Covener 2010-11-14 13:13:47 UTC
(In reply to comment #1)
> Is this issue from April 2009 really still not resolved?
> 
> Firesheep will be happy ...

Does this patch do anything other than suppress a misleading startup warning?
Comment 3 Andreas Kuckartz 2010-11-15 01:18:29 UTC
(In reply to comment #2)
> Does this patch do anything other than suppress a misleading startup warning?

I am only a user trying to find out what to do to use https for several domains with a single IP-address. And then I found this issue.

If this issue is only about a misleading warning then the summary of the issue should be changed (because it is misleading).
Comment 4 Björn 2010-11-16 09:12:04 UTC
Hi!

This patch only prevents apache from printing an error message if the server name was found in one of the certificate's Subject Alternative Names.

This is NOT a security issue at all.
Comment 5 Kaspar Brand 2011-09-28 06:57:20 UTC
Fixed for trunk with r1176752.

*** This bug has been marked as a duplicate of bug 32652 ***