History Of Ticket 9773973cfc90212087f851de2c94014ef72339d1

Artifacts Associated With Ticket 9773973cfc90212087f851de2c94014ef72339d1

  1. Ticket change [aad93e274f] (rid 1356) by anonymous on 2018-09-22 09:29:33:

    1. foundin initialized to: "1.7.16"
    2. icomment:
      The website https://badssl.com/ collects various test cases for insecure TLS connections, such as expired or incorrect hostnames in certificates. I can get many of them to pass by using explicit settings:
      
          -tls1 0 -tls1.1 0 -tls1.2 1 -require 1 -cafile /etc/ssl/cert.pem -cipher {ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256} -autoservername 1
      
      But others seem to be impossible to pass the tests with the current library. I can manually fix the hostname/wildcard matching by using a -command callback (there is another bug covering this), but I cannot either get it to reject a revoked certificate or a SHA-1 intermediate cert. These could be done via the -command callback, but unfortunately the raw certificate field passed to this callback is truncated so cannot be parsed.
      
    3. login: "anonymous"
    4. mimetype: "text/x-fossil-wiki"
    5. private_contact initialized to: "4d3bc24d727f6c89fb1509fef02f21887282efcc"
    6. severity initialized to: "Severe"
    7. status initialized to: "Open"
    8. title initialized to: "Library fails most tests from badssl.com"
    9. type initialized to: "Code Defect"
  2. Ticket change [8cb8ab1889] (rid 3681) by bohagan on 2024-06-28 22:27:24:

    1. icomment:
      A test suite was added to check the certificates at badssl.com. See commit [6729942f381c0f1a]. Since some
      of these certificates have expired, the test suite checks for the actual response rather than the planned one.
      
    2. login: "bohagan"
    3. mimetype: "text/x-fossil-plain"
    4. priority changed to: "Immediate"
    5. resolution changed to: "Fixed"
    6. status changed to: "Closed"