SourceForge.net | 12 Feb 09:12 2010

[ emacs-jabber-Bugs-2950401 ] Invalid TLS certificate checking

Bugs item #2950401, was opened at 2010-02-12 08:12
Message generated for change (Tracker Item Submitted) made by nobody
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=586350&aid=2950401&group_id=88346

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Connectivity
Group: v0.8.0
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: Invalid TLS certificate checking

Initial Comment:
Debian bug report (see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=569338):

When connecting via TLS, jabber.el does not check for the correct CN in
the certificate:

  Jabber-ID: bob@example.com/Emacs
  DNS:       _xmpp-client._tcp.example.com IN SRV 50 50 5022 jabber.example.org.

jabber.el now looks up the SRV entry and connects to
jabber.example.org.  It then expects the certificate's CN to match
"jabber.example.org", but it should expect "example.com" as documented
in RFC 3920:

  Certificates MUST be checked against the hostname as provided by the
  initiating entity (e.g., a user), not the hostname as resolved via the
  Domain Name System; e.g., if the user specifies a hostname of
  "example.com" but a DNS SRV lookup returned "im.example.com", the
  certificate MUST be checked as "example.com".
    -- http://xmpp.org/rfcs/rfc3920.html#tls, 8.

----------------------------------------------------------------------
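
The check the report asks for, as an added example (not emacs-jabber code and not part of the original report): the SRV target decides only where to connect, while the certificate is matched against the domain taken from the JID. The function names and the two sample certificates are constructed, shaped like the dictionaries Python's ssl getpeercert() returns; chain validation is assumed to be done by the TLS library.

```python
# Added illustration, not emacs-jabber code. Names below are hypothetical.

def jid_domain(jid):
    """Domain part of a JID such as 'bob@example.com/Emacs'."""
    bare = jid.split("/", 1)[0]              # drop the resource first
    return bare.rsplit("@", 1)[-1].lower().rstrip(".")

def plan_connection(jid, srv_target, srv_port):
    """Return (host to connect to, port, name the certificate must carry)."""
    # The SRV answer is unauthenticated DNS data: use it for routing only.
    return (srv_target.lower().rstrip("."), srv_port, jid_domain(jid))

def cert_names(cert):
    """dNSName SAN entries, falling back to CN only when there are none."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        # A wildcard covers exactly one left-most label.
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def cert_valid_for(cert, reference):
    """True if the certificate names the reference identity."""
    return any(name_matches(n, reference) for n in cert_names(cert))

# Constructed sample data based on the report's example.
JID = "bob@example.com/Emacs"
SRV_TARGET, SRV_PORT = "jabber.example.org.", 5022
CERT_FOR_SRV_TARGET = {"subject": ((("commonName", "jabber.example.org"),),)}
CERT_FOR_JID_DOMAIN = {
    "subject": ((("commonName", "example.com"),),),
    "subjectAltName": (("DNS", "example.com"),),
}

if __name__ == "__main__":
    host, port, reference = plan_connection(JID, SRV_TARGET, SRV_PORT)
    print("connect to", host, port, "and verify certificate for", reference)
    for label, cert in (("SRV-target cert", CERT_FOR_SRV_TARGET),
                        ("JID-domain cert", CERT_FOR_JID_DOMAIN)):
        print(label, "accepted:", cert_valid_for(cert, reference))
```
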
