tlsdate-helper: fix SAN checking

Right now, SAN checking checks against the host we're opening a socket to
instead of the host we're actually trying to talk to, which is fine... as long
as we don't have a proxy. Note that this problem only manifests for hosts whose
CN is not equal to their hostname (so the default host of www.ptb.de is fine).

To observe the problem:

    $ ssh -D 127.0.0.1:30000 somehost
    $ tlsdate -H clients3.google.com -x socks5://127.0.0.1:30000
    hostname verification failed for host 127.0.0.1!
    child process failed in SSL handshake

With this fix, you instead see no output.

Signed-off-by: Elly Fong-Jones <[email protected]>
diff --git a/CHANGELOG b/CHANGELOG
index 267f79b..79b1f12 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,6 @@
0.0.7 TBD
Add -x option to tlsdated to override source proxies.
+ Correctly check SANs against target host when using proxies.
0.0.6 Mon 18 Feb, 2013
Ensure that tlsdate compiles with g++ by explicit casting rather than
implicit casting by whatever compiler is compiling tlsdate.
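
Review bot: The added CHANGELOG line under 0.0.7 says SANs are now checked against the target host but not what they were checked against before, so someone who hit "hostname verification failed for host 127.0.0.1!" cannot easily match that symptom to this entry. Consider wording along the lines of "Check SANs against the -H target host instead of the proxy address when -x is used", which also ties it to the -x entry directly above. Only the CHANGELOG hunk is visible here, so the tlsdate-helper change itself is still to be reviewed, ideally with a test for the proxy case from the commit message (a host whose CN differs from its hostname).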