winhttp(0/4): Verify hostname used in TLS connection

Juan Lang juan.lang at gmail.com
Thu Dec 3 13:22:36 CST 2009


This patch series verifies that the hostname used for a TLS (née SSL)
connection matches the name in the certificate the server provided.
Some portion of this is redundant, since OpenSSL already verified that
the signatures of the certificates are valid, and that they're
anchored at a trusted root.  Nonetheless, OpenSSL hasn't verified the
hostname, nor checked that the server is allowed to act as a TLS
server.

This may cause some regressions, if there's a bug in crypt32.
Nevertheless, we're currently open to man-in-the-middle attacks or
spoofing attacks, so this seems safer.  This also gives me a chance to
know about regressions well before a 1.2 code freeze, so hopefully I
have a chance to fix them.
--Juan
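
The two checks the message says chain validation alone leaves out, hostname match and permission to act as a TLS server, shown as an added example; this is not code from the patch series, Wine, crypt32 or OpenSSL. The `leaf_cert` struct, the function names and the sample certificates are constructed for illustration, and the example assumes names come from subjectAltName dNSName entries and that an absent extended key usage extension places no restriction.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
/* Constructed stand-in for the fields of an already chain-validated leaf
 * certificate that the two extra checks read. Not a Wine or OpenSSL type. */
struct leaf_cert {
    const char *dns_names[4];   /* subjectAltName dNSName entries, NULL-terminated */
    int has_eku;                /* extendedKeyUsage extension present? */
    int eku_server_auth;        /* lists id-kp-serverAuth (1.3.6.1.5.5.7.3.1)? */
};

/* Match one certificate name against the host the client asked for. A "*" is
 * honoured only as the whole left-most label and covers exactly one label. */
static int name_matches(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) == 0) {
        const char *rest = strchr(host, '.');
        /* require a non-empty first label and a suffix of at least two labels */
        if (!rest || rest == host || !strchr(pattern + 2, '.'))
            return 0;
        return strcasecmp(pattern + 1, rest) == 0;
    }
    if (strchr(pattern, '*'))
        return 0;               /* a wildcard anywhere else is rejected */
    return strcasecmp(pattern, host) == 0;
}

/* Returns 1 only if the certificate may act as a TLS server for `host`. */
int cert_ok_for_host(const struct leaf_cert *cert, const char *host)
{
    /* A present EKU extension must allow serverAuth (assumption: absent = unrestricted). */
    if (cert->has_eku && !cert->eku_server_auth)
        return 0;
    for (int i = 0; i < 4 && cert->dns_names[i]; i++)
        if (name_matches(cert->dns_names[i], host))
            return 1;
    return 0;
}

/* Constructed samples: each is assumed to have passed signature and trust-root checks. */
static const struct leaf_cert cert_example = { { "example.org", "*.example.org", NULL }, 1, 1 };
static const struct leaf_cert cert_other = { { "other.test", NULL }, 1, 1 };
static const struct leaf_cert cert_client_only = { { "example.org", NULL }, 1, 0 };

int main(void)
{
    printf("%d %d ", cert_ok_for_host(&cert_example, "www.example.org"),
           cert_ok_for_host(&cert_other, "www.example.org"));
    printf("%d\n", cert_ok_for_host(&cert_client_only, "example.org"));
    return 0;
}
```
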
