Feature request: server name validation using IP addresses #90
Comments
I see no activity on this, so let me I am trying to use the Haskell Kubernetes client to connect to Google Container Engine (GKE). The certificate generated by GKE for the master node is for an IP address and the master node is only addressable by the IP address. I am willing to send a PR for this, I think I have figured out where I have to add the code. Please let me know if I should. Additionally, this PR would be useful as I would need some of the functionality implemented in it. But I am not sure why it is not merged.
Relevant code: https://github.com/vincenthz/hs-certificate/blob/d107283dda08f070b602c15a46e7b45ddc146938/x509-validation/Data/X509/Validation.hs#L336-L339
The current name check only uses the DNS names in SANs if SANs are present. While I understand that it's generally not a good practice to use the IP address of a server as the server's identity, sometimes it's outside our control. For example, in Google Kubernetes Engine, clients locate the master by IP and the master's cert has the IP in its SANs.
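
The check requested above, as an added example that is not part of the issue and not hs-certificate code: a Python sketch of a name check that matches an IP-literal target against iPAddress SAN entries by octets and never against dNSName entries. The `(type, value)` SAN representation, the function names, the sample addresses and the reason strings are assumptions made for this example.

```python
import ipaddress

# Constructed SAN list shaped like a master certificate issued for an IP.
# iPAddress entries are raw octets, as they are encoded in the certificate.
SAMPLE_SANS = [
    ("DNS", "kubernetes.default.svc"),
    ("DNS", "*.example.internal"),
    ("IP", bytes([203, 0, 113, 10])),
    ("IP", ipaddress.ip_address("2001:db8::1").packed),
]

def _dns_match(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h

def validate_server_name(target, sans):
    """Return a list of failure reasons; an empty list means the name matched."""
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        addr = None
    if addr is not None:
        # IP literal: compare octets with iPAddress entries only, so different
        # textual spellings of one address match and a dNSName that merely
        # looks like an address does not.
        ips = [v for t, v in sans if t == "IP"]
        if not ips:
            return ["NoIPAddressSAN"]      # illustrative reason label
        return [] if addr.packed in ips else ["NameMismatch"]
    # Host name: compare with dNSName entries only.
    names = [v for t, v in sans if t == "DNS"]
    if any(_dns_match(n, target) for n in names):
        return []
    return ["NameMismatch"]

if __name__ == "__main__":
    for t in ("203.0.113.10", "2001:DB8:0:0:0:0:0:1", "203.0.113.11"):
        print(t, validate_server_name(t, SAMPLE_SANS) or "ok")
```
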