39559 – ssl_verify.c uses inet_aton which is IPv4 only

Bug 39559 - ssl_verify.c uses inet_aton which is IPv4 only

Summary: ssl_verify.c uses inet_aton which is IPv4 only

Status:	RESOLVED FIXED

Alias:	None

Product:	Spice
Classification:	Unclassified
Component:	spice-gtk (show other bugs)
Version:	unspecified
Hardware:	Other All

Importance:	medium normal
Assignee:	Lukas Venhoda
QA Contact:

URL:
Whiteboard:
Keywords:

Duplicates (1):	46217 (view as bug list)
Depends on:
Blocks:

Reported:	2011-07-26 08:29 UTC by Christophe Fergeau
Modified:	2015-11-05 07:42 UTC (History)
CC List:	0 users

See Also:
i915 platform:
i915 features:

Attachments

Description Christophe Fergeau 2011-07-26 08:29:37 UTC

When checking certificates, common/ssl_verify.c uses inet_aton to get an IP address in case the certificate contains an IP address instead of a hostname. Since inet_aton is IPv4 only, this means we won't be able to check for IPv6 addresses in certificates. We should either fix this function for IPv6 use, or use gnutls_x509_crt_check_hostname

Comment 1 Christophe Fergeau 2014-11-12 14:43:25 UTC

verify_hostname in common/ssl_verify.c is derived from  gnutls_x509_crt_check_hostname2 in gnutls/lib/x509/hostname-verify.c , upstream seems to have ipv6 support for it

Comment 2 Pavel Grunt 2015-02-09 07:59:45 UTC

*** Bug 46217 has been marked as a duplicate of this bug. ***

Comment 3 Lukas Venhoda 2015-11-05 07:42:27 UTC

Bug resolved in spice-common with commit:
ssl-verify: Changed IPv4 hostname to IPv6
9749e7ed14ded2b455395bc6db84519a8ec0cc7b

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.