author: elijahr <elijahr@users.noreply.github.com> 2025-05-17 05:13:19 -0500
committer: Garrett D'Amore <garrett@damore.org> 2025-06-02 08:10:24 -0700
commit: 5d4baea78c69b62116dbebb3b2710cfd341a19b7
tree: bb3c1163fc1cf2f847a196ddad9d2e53531aa486 /.github
parent: 2280bb0efe56b72f13e03345dfd9b77604bb40c5

fixes mbedtls 3.6.3 handshake with NULL server name

An explicit call to `mbedtls_ssl_set_hostname(NULL)` is now required if the hostname should not be verified in handshake.

From the mbedtls changelog:

```
= Mbed TLS 3.6.3 branch released 2025-03-24

Default behavior changes
   * In TLS clients, if mbedtls_ssl_set_hostname() has not been called,
     mbedtls_ssl_handshake() now fails with
     MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
     if certificate-based authentication of the server is attempted.
     This is because authenticating a server without knowing what name
     to expect is usually insecure. To restore the old behavior, either
     call mbedtls_ssl_set_hostname() with NULL as the hostname, or
     enable the new compile-time option
     MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME.
```

Diffstat (limited to '.github')
0 files changed, 0 insertions, 0 deletions
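
The changelog entry quoted in the commit message distinguishes "never called" from "called with NULL". The following is an added example, not code from nng or Mbed TLS: a small model of that rule showing why a wrapper that skips the setter for a NULL name starts failing while one that always calls it does not. The `model_*` names, the error values and both `connect_*` wrappers are constructed for illustration.

```c
#include <stddef.h>

/* Constructed model of the client-side rule quoted from the changelog.
 * These types and error values are stand-ins, not Mbed TLS definitions. */
enum { MODEL_OK = 0, MODEL_ERR_VERIFY_WITHOUT_HOSTNAME = -1 };

typedef struct {
    int         hostname_call_seen; /* was the setter called at all? */
    const char *hostname;           /* NULL: the peer name is not checked */
    int         verify_server_cert; /* certificate-based authentication on */
} model_client;

/* Stand-in for mbedtls_ssl_set_hostname(): records the call, even for NULL. */
static int model_set_hostname(model_client *c, const char *name)
{
    c->hostname_call_seen = 1;
    c->hostname = name;
    return MODEL_OK;
}

/* Stand-in for the 3.6.3 check made when the handshake starts. */
static int model_handshake(const model_client *c)
{
    if (c->verify_server_cert && !c->hostname_call_seen)
        return MODEL_ERR_VERIFY_WITHOUT_HOSTNAME;
    return MODEL_OK;
}

/* Hypothetical wrapper: calls the setter only when a name is configured.
 * With a NULL name the setter is never called, so the handshake fails. */
int connect_conditional(const char *server_name)
{
    model_client c = { 0, NULL, 1 };
    if (server_name != NULL)
        model_set_hostname(&c, server_name);
    return model_handshake(&c);
}

/* Hypothetical wrapper: always calls the setter, so a NULL name is an
 * explicit decision to skip name verification rather than an omission. */
int connect_explicit(const char *server_name)
{
    model_client c = { 0, NULL, 1 };
    model_set_hostname(&c, server_name);
    return model_handshake(&c);
}
```

In the explicit form a NULL name still means the certificate is accepted without a name check, which the changelog describes as usually insecure; passing the expected server name keeps that check.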