Contact Details
I'll monitor this issue
Version
5.9.2
Description
When we upgrade curl from using wolfSSL 5.9.1 to 5.9.2 in our CI jobs, the long-running test 311 now permafails. The test is called HTTPS wrong subjectAltName but right CN and does exactly that: verifies that the handshake is denied when the certificate has the correct name in the CN field but incorrect in subjectAltName field.
The failed job can be seen in the PR trying to do this bump: curl/curl#22160
Starting in this version, wolfSSL now returns ASN_PARSE_E for this error. To me, this seems a little too generic and slightly wrong. This isn't really an ASN1 error. The ASN1 is to my knowledge correct. It just holds data that mismatches.
Reproduction steps
Build a recent curl and run its test 311 with wolfSSL 5.9.2
Relevant log output
Contact Details
I'll monitor this issue
Version
5.9.2
Description
When we upgrade curl from using wolfSSL 5.9.1 to 5.9.2 in our CI jobs, the long-running test 311 now permafails. The test is called HTTPS wrong subjectAltName but right CN and does exactly that: verifies that the handshake is denied when the certificate has the correct name in the CN field but incorrect in subjectAltName field.
The failed job can be seen in the PR trying to do this bump: curl/curl#22160
Starting in this version, wolfSSL now returns
ASN_PARSE_Efor this error. To me, this seems a little too generic and slightly wrong. This isn't really an ASN1 error. The ASN1 is to my knowledge correct. It just holds data that mismatches.Reproduction steps
Build a recent curl and run its test 311 with wolfSSL 5.9.2
Relevant log output