Correctly verify abbreviated IPv6 SANs - ruby-openssl.git

diff options

author	Brian Cunnie <brian.cunnie@gmail.com>	2018-01-29 20:08:49 -0800
committer	Kazuki Yamaguchi <k@rhe.jp>	2021-09-26 19:15:53 +0900
commit	fc04f4a8b95cfe353e7ed51f1b9279729b1b7401 (patch)
tree	3569671f0c57fb4900ed18b19465fd0408f72839 /ext/openssl
parent	acc8079b4a6b88d3376a8ed941a18d3dfc556cc5 (diff)
download	ruby-openssl-fc04f4a8b95cfe353e7ed51f1b9279729b1b7401.tar.gz

Correctly verify abbreviated IPv6 SANs

[ This is a backport to the 2.1 branch. ] IPv6 SAN-verification accommodates ["zero-compression"](https://tools.ietf.org/html/rfc5952#section-2.2). It also accommodates non-compressed addresses. Previously the verification of IPv6 addresses would fail unless the address syntax matched a specific format (no zero-compression, no leading zeroes). As an example, the IPv6 loopback address, if represented as `::1`, would not verify. Nor would it verify if represented as `0000:0000:0000:0000:0000:0000:0000:0001`; however, both representations are valid, RFC-compliant representations. The library would only accept a very specific representation (i.e. `0:0:0:0:0:0:0:1`). This commit addresses that shortcoming, and ensures that any valid IPv6 representation will correctly verify. (cherry picked from commit 9322a104d16b02c7a79f9ab589859c9d63fabf52)

Diffstat (limited to 'ext/openssl')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: