winhttp(0/4): Verify hostname used in TLS connection
juan.lang at gmail.com
Thu Dec 3 13:22:36 CST 2009
This patch series verifies that the hostname used for a TLS (nee SSL)
connection matches the name in the certificate the server provided.
Some portion of this is redundant, since OpenSSL already verified that
the signatures of the certificates are valid, and that they're
anchored at a trusted root. Nonetheless, OpenSSL hasn't verified the
hostname, nor checked that the server is allowed to act as a TLS
This may cause some regressions, if there's a bug in crypt32.
Nevertheless, we're currently open to man in the middle attacks or
spoofing attacks, so this seems safer. This also gives me a chance to
know about regressions well before a 1.2 code freeze, so hopefully I
have a chance to fix them.
More information about the wine-patches