| author | elijahr <elijahr@users.noreply.github.com> | 2025-05-17 05:13:19 -0500 |
|---|---|---|
| committer | Garrett D'Amore <garrett@damore.org> | 2025-06-02 08:10:24 -0700 |
| commit | 5d4baea78c69b62116dbebb3b2710cfd341a19b7 (patch) | |
| tree | bb3c1163fc1cf2f847a196ddad9d2e53531aa486 /.github/pull_request_template.md | |
| parent | 2280bb0efe56b72f13e03345dfd9b77604bb40c5 (diff) | |
fixes mbedtls 3.6.3 handshake with NULL server name
An explicit call to `mbedtls_ssl_set_hostname(NULL)` is now required if the hostname should not be verified in handshake. From the mbedtls changelog:
```
= Mbed TLS 3.6.3 branch released 2025-03-24

Default behavior changes
   * In TLS clients, if mbedtls_ssl_set_hostname() has not been called,
     mbedtls_ssl_handshake() now fails with
     MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
     if certificate-based authentication of the server is attempted.
     This is because authenticating a server without knowing what name
     to expect is usually insecure. To restore the old behavior, either
     call mbedtls_ssl_set_hostname() with NULL as the hostname, or
     enable the new compile-time option
     MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME.
```
Diffstat (limited to '.github/pull_request_template.md')
0 files changed, 0 insertions, 0 deletions
