author | Guilhem Moulin <guilhem@fripost.org> | 2020-12-10 19:39:10 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2020-12-11 11:20:41 +0100 |
commit | 265f133600e9812726a52ea3067409ed3578e882 (patch) | |
tree | a4612e7207515bf090444bb0db78ebf989842283 /Changelog | |
parent | 84d1829fd0f955cf9fb7add54f60fc314b0d42b1 (diff) |
libinterimap: make SSL_verify check the hostname as well.

More precisely, ensure that the certificate Subject Alternative Name
(SAN) or Subject CommonName (CN) matches the hostname or IP literal
specified by the 'host' option. Previously it was only verifying the
chain of trust.

This bumps the minimum Net::SSLeay version to 1.83 and OpenSSL version
1.0.2.

Diffstat (limited to 'Changelog')
-rw-r--r-- | Changelog | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -1,5 +1,10 @@ interimap (0.5.4) upstream; + * libinterimap: make SSL_verify also checks that the certificate + Subject Alternative Name (SAN) or Subject CommonName (CN) matches the + hostname or IP literal specified by the 'host' option. Previously it + was only checking the chain of trust. This bumps the minimum + Net::SSLeay version to 1.83 and OpenSSL version 1.0.2. + libinterimap: show the matching pinned SPKI in --debug mode. + test suite: always generate new certificates on `make test`. Hence running `make test` now requires OpenSSL 1.1.1 or later. |
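Review bot: The new first item under interimap (0.5.4) does not flag itself as a behaviour change. It states that SSL_verify previously checked only the chain of trust, so a configuration whose 'host' value is not covered by the certificate's SAN or CN passed verification before and will be rejected after upgrading. A sentence saying that such connections now fail would help people reading the Changelog before they upgrade. The Net::SSLeay 1.83 and OpenSSL 1.0.2 minimums are tacked onto the end of the same item and would be easier for packagers to spot as a separate item. Also, "make SSL_verify also checks that" in the first added line should read "make SSL_verify also check that", in line with the commit subject.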