MDEV-18131 MariaDB does not verify IP addresses from subject alternative

names Added a call to X509_check_ip_asc() in case server_hostname represents an IP address.
author: Vladislav Vaintroub <wlad@mariadb.com> 2019-04-24 11:15:08 +0200
committer: Vladislav Vaintroub <wlad@mariadb.com> 2019-04-28 12:49:59 +0200
commit: e116f11f0aeb740667294185534c859928dc125d (patch)
tree: 987944514ecc5fc1b865be3c1638488f6e0a7c7c /mysql-test/lib/generate-ssl-certs.sh
parent: eb9b03ab488d160aee487389605941a584e6074d (diff)
download: mariadb-git-e116f11f0aeb740667294185534c859928dc125d.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/mysql-test/lib/generate-ssl-certs.sh b/mysql-test/lib/generate-ssl-certs.sh
index 8f15ba9d521..4b333854c08 100755
--- a/mysql-test/lib/generate-ssl-certs.sh
+++ b/mysql-test/lib/generate-ssl-certs.sh
@@ -31,7 +31,7 @@ openssl ca -keyfile cakey.pem -days 7300 -batch -cert cacert.pem -policy policy_
 
 # with SubjectAltName, only for OpenSSL 1.0.2+
 cat > demoCA/sanext.conf <<EOF
-subjectAltName=DNS:localhost
+subjectAltName=IP:127.0.0.1, DNS:localhost
 EOF
 openssl req -newkey rsa:1024 -keyout serversan-key.pem -out demoCA/serversan-req.pem -days 7300 -nodes -subj '/CN=server/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB'
 openssl ca -keyfile cakey.pem -extfile demoCA/sanext.conf -days 7300 -batch -cert cacert.pem -policy policy_anything -out serversan-cert.pem -infiles demoCA/serversan-req.pem
author	Vladislav Vaintroub <wlad@mariadb.com>	2019-04-24 11:15:08 +0200
committer	Vladislav Vaintroub <wlad@mariadb.com>	2019-04-28 12:49:59 +0200
commit	e116f11f0aeb740667294185534c859928dc125d (patch)
tree	987944514ecc5fc1b865be3c1638488f6e0a7c7c /mysql-test/lib/generate-ssl-certs.sh
parent	eb9b03ab488d160aee487389605941a584e6074d (diff)
download	mariadb-git-e116f11f0aeb740667294185534c859928dc125d.tar.gz