IP Address fields in subjectAltNames not used
| Bug #68879 | IP Address fields in subjectAltNames not used | ||||
|---|---|---|---|---|---|
| Submitted: | 2015-01-21 19:40 UTC | Modified: | 2015-03-05 05:49 UTC | ||
| From: | fabian at ritter-vogt dot de | Assigned: | rdlowrey (profile) | ||
| Status: | Closed | Package: | OpenSSL related | ||
| PHP Version: | 5.6.4 | OS: | openSUSE 13.1 | ||
| Private report: | No | CVE-ID: | None | ||
[2015-01-21 19:40 UTC] fabian at ritter-vogt dot de
Description:
------------
The server at 10.2.0.1 has a certificate with CN set to the hostname and subjectAltNames set to the hostname and also IP-Address:
X509v3 Subject Alternative Name:
DNS:hostname.fqdn, DNS:hostname, IP Address:10.2.0.1
The certificate is correct, the import into the local trusted CA store worked:
$ curl https://10.2.0.1/some/file.html
Hi!
The php script below, however, prints the following error message:
Peer certificate CN=`hostname' did not match expected CN=`10.2.0.1'
It works if I replace "10.2.0.1" by "hostname" or "hostname.fqdn".
Test script:
---------------
<?php
file_get_contents("https://10.2.0.1/some/file.html");
?>
Patches
Pull Requests
History
AllCommentsChangesGit/SVN commits
[2015-03-04 17:31 UTC] rdlowrey@php.net
-Status: Open +Status: Verified -Assigned To: +Assigned To: rdlowrey
[2015-03-04 17:31 UTC] rdlowrey@php.net
[2016-12-08 19:13 UTC] spam2 at rhsoft dot net
[2017-02-01 13:17 UTC] spam2 at rhsoft dot net