Open natevw opened 9 years ago
There is logic in tls.js for validating server certificates using DNS, IP and URI "subject alternative names", but it looks like axTLS only bothers to gather the DNS ones: https://github.com/tessel/runtime/blob/bec6bbd7d8b758f17bc47ea86459efd42a030195/deps/axtls/ssl/x509.c#L187
This is unfortunate, as the net result is that you can't connect — at least, not without {rejectUnauthorized:false} insecurity — to an IP address over TLS, even if the cert has the IP address in it.
{rejectUnauthorized:false}
There is logic in tls.js for validating server certificates using DNS, IP and URI "subject alternative names", but it looks like axTLS only bothers to gather the DNS ones: https://github.com/tessel/runtime/blob/bec6bbd7d8b758f17bc47ea86459efd42a030195/deps/axtls/ssl/x509.c#L187
This is unfortunate, as the net result is that you can't connect — at least, not without
{rejectUnauthorized:false}insecurity — to an IP address over TLS, even if the cert has the IP address in it.