On Fri, Sep 02, 2016 at 11:48:25PM +0200, Sebastian Andrzej Siewior wrote: > control: tags -1 patch > > On 2016-06-26 12:24:37 [+0200], Kurt Roeckx wrote: > > OpenSSL 1.1.0 is about to released. During a rebuild of all packages using > > OpenSSL this package fail to build. A log of that build can be found at: > > https://breakpoint.cc/openssl-1.1-rebuild-2016-05-29/Attempted/uw-imap_2007f~dfsg-4_amd64-20160529-1548 > > > > On https://wiki.openssl.org/index.php/1.1_API_Changes you can see various > > of the > > reasons why it might fail. There are also updated man pages at > > https://www.openssl.org/docs/manmaster/ that should contain useful > > information. > > > > There is a libssl-dev package available in experimental that contains a > > recent > > snapshot, I suggest you try building against that to see if everything > > works. > > So I tried. However this code is level advanced and my skill level is > somewhere between easy and medium. More strong medium. This has been > compiled tested.
Looking at the certificate subject looks just wrong. It should at least check the Subject Altnerative Name, if present, and it should be present. And it really shouldn't convert it to a string and hope there are no other field that happen to have "CN=" in it. You might want to look at: https://wiki.openssl.org/index.php/Hostname_validation Kurt
