Bug #99767 | Contribution: Check SubjectAlternativeName for TLS instead of commonName | ||
---|---|---|---|
Submitted: | 3 Jun 2020 13:50 | Modified: | 5 Oct 2020 18:52 |
Reporter: | OCA Admin (OCA) | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | Connector / J | Severity: | S3 (Non-critical) |
Version: | 8.0 | OS: | Any |
Assigned to: | CPU Architecture: | Any | |
Tags: | Contribution |
[3 Jun 2020 13:50]
OCA Admin
[3 Jun 2020 13:50]
OCA Admin
Contribution submitted via Github - Check SubjectAlternativeName for TLS instead of commonName (*) Contribution by Daniël van Eeden (Github dveeden, mysql-connector-j/pull/49#issuecomment-637848978): I confirm the code being submitted is offered under the terms of the OCA, and that I am authorized to contribute it. On June 2, 2020 23:50:26 mysql-oca-bot <notifications@github.com> wrote: > > Hi, thank you for your contribution. Please confirm this code is submitted > under the terms of the OCA (Oracle''s Contribution Agreement) you have > previously signed by cutting and pasting the following text as a comment: > "I confirm the code being submitted is offered under the terms of the OCA, > and that I am authorized to contribute it." > Thanks— > You are receiving this because you authored the thread. > Reply to this email directly, view it on GitHub, or unsubscribe.
Contribution: git_patch_426796717.txt (text/plain), 6.51 KiB.
[4 Jun 2020 5:10]
MySQL Verification Team
Hello Daniël, Thank you for the report and contribution. regards, Umesh
[5 Oct 2020 18:52]
Daniel So
Posted by developer: Added the following entry to the Connector/J 8.0.22 changelog: "When the connection option sslMode is set to VERIFY_IDENTITY, Connector/J now validates the host name in the connection string against the host names or IP addresses provided under the Subject Alternative Name (SAN) extension in the server's X.509 certificate. Also, verification against the Common Name (CN) is now performed when a SAN is not provided in the certificate or if it does not contain any DNS name or IP address entries. Host names listed in the certificate, under either the SAN or the CN, can contain a wildcard character as specified in the RFC 6125 standard. Thanks to Daniël van Eeden for contributing to the patch"
[20 Oct 2020 6:55]
Frederic Descamps
Thank you Daniël for your contribution that has been added to 8.0.22: https://lefred.be/content/mysql-8-0-22-thank-you-for-the-contributions/