Displaying 7 results from an estimated 7 matches for "certcheck".
2017 May 15
5
Golang CertChecker hostname validation differs to OpenSSH
Hi all,
Last week I noticed that the CertChecker in the Go implementation of
x/crypto/ssh seems to be doing host principal validation incorrectly
and filed the following bug:
https://github.com/golang/go/issues/20273
By default they are looking for a principal named "host:port" inside
of the certificate presented by the server, inste...
2017 May 17
2
Golang CertChecker hostname validation differs to OpenSSH
> Uri (earlier in this thread) does answer this question clearly (that
> the principal should be the hostname only), and, now that I've found
> PROTOCOL.certkeys, this seems to be spelt out unambiguously there too:
In turn this means:
One cannot expect several SSH services on a single host to be securely distinguishable
from each other by their particular
2017 May 15
4
Golang CertChecker hostname validation differs to OpenSSH
On Mon, May 15, 2017 at 11:39 AM, Peter Moody <mindrot at hda3.com> wrote:
> my reading of the sshd manpage is that ssh is more permissive than it should be
>
> SSH_KNOWN_HOSTS FILE FORMAT :
> ...
>
> A hostname or address may optionally be enclosed within `[' and `]'
> brackets then followed by `:' and a non-standard port number.
Hi Peter, I'm not
2017 May 16
2
Golang CertChecker hostname validation differs to OpenSSH
On Wed, May 17, 2017 at 2:46 AM, Damien Miller <djm at mindrot.org> wrote:
> On Mon, 15 May 2017, Adam Eijdenberg wrote:
>> https://github.com/golang/go/issues/20273
>>
>> By default they are looking for a principal named "host:port" inside
>> of the certificate presented by the server, instead of just looking
>> for the host as I believe OpenSSH
2018 Aug 06
2
2.3.2.1 - relay to lmtps from other lan host
...dovecot ] is running on.
[ dovecot config ]
> service lmtp {
>   unix_listener lmtp {
>     #mode = 0666
>   }
[ ss -wxl | grep lmtp ]
> u_strLISTEN 0      100    /var/run/dovecot/lmtp 68262   * 0
So far so good. Now from the other lan host -> [ msmtp --serverinfo
--tls --tls-certcheck=off --host=172.24.109.6 --protocol=lmtp --port=262
] produces:
> msmtp: cannot connect to 172.24.109.6, port 262: Connection refused
2018 Aug 06
2
AW: 2.3.2.1 - relay to lmtps from other lan host
...>> service lmtp {
>>   unix_listener lmtp {
>>     #mode = 0666
>>   }
>
> [ ss -wxl | grep lmtp ]
>> u_strLISTEN 0      100    /var/run/dovecot/lmtp 68262   * 0
>
> So far so good. Now from the other lan host -> [ msmtp --serverinfo
> --tls --tls-certcheck=off --host=172.24.109.6 --protocol=lmtp --port=262
> ] produces:
>
>> msmtp: cannot connect to 172.24.109.6, port 262: Connection refused
>
>
2018 Aug 06
0
AW: 2.3.2.1 - relay to lmtps from other lan host
...ce lmtp {
>>>   unix_listener lmtp {
>>>     #mode = 0666
>>>   }
>> [ ss -wxl | grep lmtp ]
>>> u_strLISTEN 0      100    /var/run/dovecot/lmtp 68262   * 0
>> So far so good. Now from the other lan host -> [ msmtp --serverinfo
>> --tls --tls-certcheck=off --host=172.24.109.6 --protocol=lmtp --port=262
>> ] produces:
>>
>>> msmtp: cannot connect to 172.24.109.6, port 262: Connection refused
>>