-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
subject alternative names not respected by tls.checkServerIdentity
#9639
Labels
tls
Issues and PRs related to the tls subsystem.
Comments
/cc @indutny |
Please post a standalone test case. I'm highly skeptical that this bug report is correct. To illustrate:
|
Thank you for helping me figure this out. This was caused by an invalid certificate. The issue can be closed. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The
tls.checkServerIdentity
(https://github.com/nodejs/node/blob/master/lib/tls.js#L144) function assumes that subject alternative names can be accessed ascert.subjectaltname
. Tests also use this: https://github.com/nodejs/node/blob/master/test/parallel/test-tls-check-server-identity.js#L59At the same time the certificate object looks like something like this (as reported by
tls.connect
):This way the alt names will never be respected.
The text was updated successfully, but these errors were encountered: