IO-Socket-SSL - Re: Checking of hostname missing

Posted on Tue Jun 12 19:00:14 2007 by noxxi in response to 5413 (See the whole thread of 6)
Re: Checking of hostname missing

IO::Socket::SSL just checks if the certificate is valid at the SSL layer, e.g. that the certificate has a valid signature from a known CA. Interpretation and constraints on the CN of the certificate are specified at the application layer and depend on the protocol used. That's why it is specified in rfc4513 how the CN in the certificate should be checked for LDAP, in rfc2818 for HTTPS etc.

For instance rfc2818 states in 3.1 "If the client has external information as to the expected identity of the server, the hostname check MAY be omitted.".

So this is not an issue with IO::Socket::SSL, it's an issue with Net::LDAPS which should conform to RFC4513. It might do it using the verify_callback of IO::Socket::SSL.

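An added example, not part of the original post and not code from IO::Socket::SSL or Net::LDAPS: one way an application could do the RFC 4513 style name check inside the verify callback the post mentions. The helper names (`name_matches`, `cert_names`, `connect_checked`) are hypothetical, the six-argument callback signature is that of current IO::Socket::SSL releases, and IP-address identities are not handled.

```perl
use strict;
use warnings;
use IO::Socket::SSL;
use Net::SSLeay;

use constant NID_COMMONNAME => 13;   # OpenSSL NID for the subject commonName
use constant GEN_DNS        => 2;    # subjectAltName entry type dNSName

# Wildcard only as the whole leftmost label (RFC 4513 section 3.1.3):
# "*.example.com" matches "a.example.com", not "example.com" or "a.b.example.com".
sub name_matches {
    my ($pattern, $host) = map { lc($_) } @_;
    return 1 if $pattern eq $host;
    return 0 unless $pattern =~ /^\*\.(.+)$/;
    my $suffix = $1;
    return $host =~ /^[^.]+\.\Q$suffix\E$/ ? 1 : 0;
}

# Names the certificate claims: dNSName SANs if any exist, else the subject CN.
sub cert_names {
    my ($cert) = @_;
    my @san = Net::SSLeay::X509_get_subjectAltNames($cert);  # flat (type, value) list
    my @dns;
    while (my ($type, $value) = splice @san, 0, 2) {
        push @dns, $value if $type == GEN_DNS;
    }
    return @dns if @dns;
    my $cn = Net::SSLeay::X509_NAME_get_text_by_NID(
        Net::SSLeay::X509_get_subject_name($cert), NID_COMMONNAME);
    return defined $cn ? ($cn) : ();
}

# Connect and reject the handshake unless the leaf certificate names $host.
sub connect_checked {
    my ($host, $port, $ca_file) = @_;
    return IO::Socket::SSL->new(
        PeerHost => $host, PeerPort => $port, SSL_ca_file => $ca_file,
        SSL_verify_mode     => SSL_VERIFY_PEER,
        SSL_verify_callback => sub {
            my ($ok, $store, $certname, $error, $cert, $depth) = @_;
            return 0 unless $ok;        # keep OpenSSL's verdict on the chain
            return 1 if $depth != 0;    # only the leaf carries the server name
            return (grep { name_matches($_, $host) } cert_names($cert)) ? 1 : 0;
        },
    );
}

# Constructed sample names, checked offline (no connection is made).
printf "%-16s vs %-18s => %d\n", @$_, name_matches(@$_)
    for ['*.example.com', 'ldap.example.com'], ['*.example.com', 'example.com'],
        ['*.example.com', 'a.b.example.com'],  ['LDAP.example.com', 'ldap.example.com'];
```

Current IO::Socket::SSL releases can also perform this check themselves through the `SSL_verifycn_scheme` option (for example `'ldap'` or `'http'`).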