Ruby -- OpenSSL Hostname Verification Vulnerability

ID D4379F59-3E9B-49EB-933B-61DE4D0B0FDB
Type freebsd
Reporter FreeBSD
Modified 2015-09-23T00:00:00


Ruby Developers report:

After reviewing RFC 6125 and RFC 5280, we found multiple violations of matching hostnames and particularly wildcard certificates. Ruby’s OpenSSL extension will now provide a string-based matching algorithm which follows more strict behavior, as recommended by these RFCs. In particular, matching of more than one wildcard per subject/SAN is no longer allowed. As well, comparison of these values is now case-insensitive.
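As an added illustration of the stricter string-based rules the report describes (example code, not Ruby's own OpenSSL extension code), the matcher below compares DNS labels case-insensitively, accepts at most one wildcard per presented name, and only as the entire left-most label; the wildcard covers exactly one label and never the name's last two labels. It is deliberately more conservative than RFC 6125 requires (partial-label wildcards such as `f*.example.com` are also rejected); the helper names are this example's own.

```ruby
# Split a DNS name into labels; a single trailing dot (absolute name) is ignored.
# split(".", -1) keeps empty labels so that "a..example.com" is caught below.
def labels(name)
  name.chomp(".").split(".", -1)
end

# Returns true only if the presented certificate name (CN or dNSName SAN)
# matches the reference hostname under the strict rules described above.
def hostname_match?(cert_name, hostname)
  cn = labels(cert_name.downcase)   # case-insensitive comparison
  hn = labels(hostname.downcase)

  # Empty names, empty labels, or a wildcard in the *hostname* are never valid.
  return false if cn.empty? || hn.empty?
  return false if cn.any?(&:empty?) || hn.any?(&:empty?)
  return false if hn.any? { |l| l.include?("*") }

  wildcard_labels = cn.count { |l| l.include?("*") }
  return cn == hn if wildcard_labels.zero?   # plain name: exact label match

  # More than one wildcard per name is not allowed.
  return false if wildcard_labels > 1
  # The wildcard must be the whole left-most label (rejects "www.*.com", "f*.example.com").
  return false unless cn.first == "*"
  # Do not let "*" stand for a registrable domain or TLD ("*.com").
  return false if cn.length < 3
  # "*" matches exactly one label, so the label counts must agree.
  return false unless cn.length == hn.length

  cn[1..-1] == hn[1..-1]
end

# Convenience: does any presented identifier (CN plus SAN dNSNames) match?
def certificate_matches?(presented_names, hostname)
  presented_names.any? { |n| hostname_match?(n, hostname) }
end
```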