Bug #93301 | TLS validation with SubjectAlternativeName | ||
---|---|---|---|
Submitted: | 22 Nov 2018 19:35 | Modified: | 13 Mar 2019 17:12 |
Reporter: | Daniël van Eeden (OCA) | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | Connector / C++ | Severity: | S3 (Non-critical) |
Version: | 8.0.13 | OS: | Any |
Assigned to: | | CPU Architecture: | Any |
Tags: | tls | | |
[22 Nov 2018 19:35]
Daniël van Eeden
[23 Nov 2018 8:43]
MySQL Verification Team
Hello Daniël,

Thank you for the report. Verifying based on code comparison.

regards,
Umesh
[13 Mar 2019 17:12]
Paul DuBois
Posted by developer:

Fixed in 8.0.16.

Previously, for the SSL_MODE_VERIFY_IDENTITY connection option, Connector/C++ checked whether the host name that it used for connecting matched the Common Name value in the certificate but not the Subject Alternative Name value. Now, if used with OpenSSL 1.0.2 or higher, Connector/C++ checks whether the host name matches either the Subject Alternative Name value or the Common Name value in the server certificate.
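The difference between the two behaviours in the entry above, as an added example that is not part of the bug report and is not Connector/C++ or OpenSSL code: a simplified model comparing CN-only host-name verification with SAN-or-CN verification. The `CertNames` struct, the function names, the host names and the single-label wildcard rule are assumptions made for the illustration; the wildcard handling goes beyond what the entry states.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

// Constructed stand-in for the identity fields of a server certificate.
struct CertNames {
    std::string common_name;           // subject CN
    std::vector<std::string> san_dns;  // subjectAltName dNSName entries
};

static std::string lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// Case-insensitive comparison. Assumed wildcard rule: "*" counts only as the
// whole leftmost label and stands for exactly one non-empty label.
bool name_matches(const std::string& cert_name, const std::string& host_name) {
    const std::string pattern = lower(cert_name), host = lower(host_name);
    if (pattern.empty() || host.empty()) return false;
    if (pattern.rfind("*.", 0) != 0) return pattern == host;
    const std::string suffix = pattern.substr(1);  // e.g. ".replica.example.com"
    if (suffix.find('*') != std::string::npos) return false;
    const std::size_t dot = host.find('.');
    return dot != std::string::npos && dot > 0 &&
           host.compare(dot, std::string::npos, suffix) == 0;
}

// Behaviour the entry describes before 8.0.16: only the Common Name is compared.
bool verify_identity_cn_only(const CertNames& cert, const std::string& host) {
    return name_matches(cert.common_name, host);
}
// Behaviour the entry describes from 8.0.16: a SAN entry or the CN may match.
bool verify_identity_san_or_cn(const CertNames& cert, const std::string& host) {
    for (const std::string& san : cert.san_dns)
        if (name_matches(san, host)) return true;
    return name_matches(cert.common_name, host);
}
// Constructed sample: CN holds an internal name, clients connect via SAN names.
CertNames sample_cert() {
    return {"mysql-server-01", {"db.example.com", "*.replica.example.com"}};
}

int main() {
    std::cout << verify_identity_cn_only(sample_cert(), "db.example.com")
              << verify_identity_san_or_cn(sample_cert(), "db.example.com") << '\n';
}
```

In production code the comparison belongs to the TLS library (OpenSSL 1.0.2 and later provide `X509_check_host`), not to hand-written matching like this model.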