Bug 39559

Summary: ssl_verify.c uses inet_aton which is IPv4 only
Product: Spice Reporter: Christophe Fergeau <teuf>
Component: spice-gtkAssignee: Lukas Venhoda <lvenhoda>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:

Description Christophe Fergeau 2011-07-26 08:29:37 UTC 
When checking certificates, common/ssl_verify.c uses inet_aton to get an IP address in case the certificate contains an IP address instead of a hostname. Since inet_aton is IPv4 only, this means we won't be able to check for IPv6 addresses in certificates. We should either fix this function for IPv6 use, or use gnutls_x509_crt_check_hostname
Comment 1 Christophe Fergeau 2014-11-12 14:43:25 UTC 
verify_hostname in common/ssl_verify.c is derived from  gnutls_x509_crt_check_hostname2 in gnutls/lib/x509/hostname-verify.c , upstream seems to have ipv6 support for it
Comment 2 Pavel Grunt 2015-02-09 07:59:45 UTC 
*** Bug 46217 has been marked as a duplicate of this bug. ***
Comment 3 Lukas Venhoda 2015-11-05 07:42:27 UTC 
Bug resolved in spice-common with commit:
ssl-verify: Changed IPv4 hostname to IPv6
9749e7ed14ded2b455395bc6db84519a8ec0cc7b

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.