make UpdateHostkeys still more conservative: refuse to proceed if - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	djm <djm@openbsd.org>	2020-10-14 00:55:17 +0000
committer	djm <djm@openbsd.org>	2020-10-14 00:55:17 +0000
commit	05e0a99435b4cdd01fd91c9ca05e14b051c26e20 (patch)
tree	236215d14bc2811997e80b6dce68c2c7ae2610a1 /lib/libssl/ssl_methods.c
parent	Make sure an OCSP query sends a host header (diff)
download	wireguard-openbsd-05e0a99435b4cdd01fd91c9ca05e14b051c26e20.tar.xz wireguard-openbsd-05e0a99435b4cdd01fd91c9ca05e14b051c26e20.zip

make UpdateHostkeys still more conservative: refuse to proceed if

one of the keys offered by the server is already in known_hosts under another name. This avoid collisions between address entries for different host aliases when CheckHostIP=yes Also, do not attempt to fix known_hosts with incomplete host/ip matches when there are no new or deprecated hostkeys.

Diffstat (limited to 'lib/libssl/ssl_methods.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: