Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
Description
I've looked through the source code and cannot find any peer hostname validation code. It appears to me that Axis2/c is vulnerable to the problems discussed in this paper: http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
Have I overlooked the TLS / SSL peer name validation?
Thanks
Attachments
Attachments
Issue Links
- is cloned by
-
AXIS2C-1700 Enable SSL/TLS peer name validation by default
- Open