vincenthz / hs-connection

simple client connection library in haskell with builtin features: SSL/TLS, SOCKS, session management.

https://badssl.com/ test failure #21

Closed ethercrow closed 1 year ago

ethercrow commented 8 years ago

When trying to connect to "expired.badssl.com" and "self-signed.badssl.com" I see relevant exceptions. However, connecting to "wrong.host.badssl.com" unexpectedly succeeds. I haven't figured out yet how to enable hostname verification or to understand if it's even implemented somewhere.

```haskell
import Network.Connection
import Data.Default

-- Swap the commented-out hostnames in to try the other badssl.com endpoints.
main :: IO ()
main = do
    ctx <- initConnectionContext
    con <- connectTo ctx $ ConnectionParams
        -- { connectionHostname  = "expired.badssl.com"
        -- { connectionHostname  = "wrong.host.badssl.com"
        { connectionHostname  = "self-signed.badssl.com"
        , connectionPort      = 443
        , connectionUseSecure = Just def
        , connectionUseSocks  = Nothing
        }
    connectionClose con
```

vincenthz commented 8 years ago

tls doesn't yet support the list of valid providers of subdomains; the certificate allows *.badssl.com, which validates with the hostname you're trying to connect to.

https://github.com/vincenthz/hs-certificate/pull/52

ocheron commented 7 years ago

This has been fixed in x509-validation-1.6.5.
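
The single-label wildcard rule from RFC 6125 (section 6.4.3), under which `*.badssl.com` covers `expired.badssl.com` but not `wrong.host.badssl.com`, as an added example; it is not code from hs-connection, tls or x509-validation. The names `labels` and `matchesHost` are hypothetical, and the requirement that two labels follow the wildcard is an assumed policy rather than something stated in the thread.

```haskell
module Main (main) where

import Data.Char (toLower)

-- Split a DNS name into lower-cased labels: "A.b.com" -> ["a","b","com"].
labels :: String -> [String]
labels s = case break (== '.') (map toLower s) of
  (l, [])       -> [l]
  (l, _ : rest) -> l : labels rest

-- | Compare a certificate DNS name with the hostname the client asked for.
-- A wildcard counts only when it is the whole left-most label, and it
-- stands for exactly one non-empty label of the hostname.
matchesHost :: String -> String -> Bool
matchesHost certName host =
  case (labels certName, labels host) of
    ("*" : ps, h : hs) ->
      literal ps && length ps >= 2 && not (null h) && ps == hs
    (ps, hs) -> literal ps && ps == hs
  where
    -- Every remaining label must be non-empty and free of wildcards.
    literal ls = all (\l -> not (null l) && notElem '*' l) ls

-- Constructed sample input: the wildcard name quoted in the thread and the
-- badssl.com hosts it mentions. Only the name comparison is modelled here;
-- expiry and chain-of-trust checks are separate steps.
main :: IO ()
main = mapM_ check
  [ "expired.badssl.com"
  , "self-signed.badssl.com"
  , "wrong.host.badssl.com"
  , "badssl.com"
  ]
  where
    certName = "*.badssl.com"
    check h = putStrLn (h ++ ": " ++ verdict (matchesHost certName h))
    verdict ok = if ok then "name matches" else "name does NOT match"
```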