- Sven Anders reported that we introduced a cert verfication flaw for OpenSSL-

powered libcurl in 7.19.6. If there was a X509v3 Subject Alternative Name field in the certficate it had to match and so even if non-DNS and non-IP entry was present it caused the verification to fail.
author: Daniel Stenberg <daniel@haxx.se> 2009-09-16 20:44:18 +0000
committer: Daniel Stenberg <daniel@haxx.se> 2009-09-16 20:44:18 +0000
commit: 250ba9949894571052888cd2065defbb3e00b183 (patch)
tree: bd368d9b53bf8d43cbee54515f097b76a16843e2 /CHANGES
parent: c2c3a46e3e69afb6f34410b89919b2e5c18ce1c4 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 816505f02..c9a34891e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,12 @@
 
                                   Changelog
 
+Daniel Stenberg (16 Sep 2009)
+- Sven Anders reported that we introduced a cert verfication flaw for OpenSSL-
+  powered libcurl in 7.19.6. If there was a X509v3 Subject Alternative Name
+  field in the certficate it had to match and so even if non-DNS and non-IP
+  entry was present it caused the verification to fail.
+
 Daniel Fandrich (15 Sep 2009)
 - Moved the libssh2 checks after the SSL library checks. This helps when
   statically linking since libssh2 needs the SSL library link flags to be
author	Daniel Stenberg <daniel@haxx.se>	2009-09-16 20:44:18 +0000
committer	Daniel Stenberg <daniel@haxx.se>	2009-09-16 20:44:18 +0000
commit	250ba9949894571052888cd2065defbb3e00b183 (patch)
tree	bd368d9b53bf8d43cbee54515f097b76a16843e2 /CHANGES
parent	c2c3a46e3e69afb6f34410b89919b2e5c18ce1c4 (diff)