
MDEV-18131 MariaDB does not verify IP addresses from subject alternative

names

Added a call to X509_check_ip_asc() in case server_hostname represents
an IP address.
Vladislav Vaintroub
2019-04-24 11:15:08 +02:00
parent eb9b03ab48
commit e116f11f0a
17 changed files with 488 additions and 471 deletions


@ -31,7 +31,7 @@ openssl ca -keyfile cakey.pem -days 7300 -batch -cert cacert.pem -policy policy_
# with SubjectAltName, only for OpenSSL 1.0.2+
cat > demoCA/sanext.conf <<EOF
subjectAltName=DNS:localhost
subjectAltName=IP:127.0.0.1, DNS:localhost
EOF
openssl req -newkey rsa:1024 -keyout serversan-key.pem -out demoCA/serversan-req.pem -days 7300 -nodes -subj '/CN=server/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB'
openssl ca -keyfile cakey.pem -extfile demoCA/sanext.conf -days 7300 -batch -cert cacert.pem -policy policy_anything -out serversan-cert.pem -infiles demoCA/serversan-req.pem
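Review bot: The regenerated SAN certificate from the `subjectAltName=IP:127.0.0.1, DNS:localhost` line only supports the positive case for the new IP check; nothing in this hunk produces a certificate whose IP entry differs from the address the client connects to, so tests built on these files cannot show that a mismatched IP is rejected. The rest of the commit is not visible here, so that case may already be covered elsewhere. If it is not, a second extension file with a non-matching entry such as `subjectAltName=IP:192.0.2.1` (constructed example from the documentation address range), signed the same way, would give a rejection test something to load. The comment above the heredoc could also say why the IP entry exists, e.g. `# with SubjectAltName (DNS and IP entries, see MDEV-18131), only for OpenSSL 1.0.2+`.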