libcloud -- possible SSL MITM due to invalid regexp used to validate target server hostname

2012-08-01T00:00:00
ID A14DEE30-E3D7-11E1-A084-50E5492BD3DC
Type freebsd
Reporter FreeBSD
Modified 2012-08-01T00:00:00

Description

The libcloud development team reports:

When establishing a secure (SSL / TLS) connection to a target server an invalid regular expression has been used for performing the hostname verification. Subset instead of the full target server hostname has been marked an an acceptable match for the given hostname. For example, certificate with a hostname field of "aexample.com" was considered a valid certificate for domain "example.com".