diff options
author | Marek Vasut <marex@denx.de> | 2023-10-11 00:47:48 +0200 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2023-10-20 05:35:31 -1000 |
commit | 374e198436be1df8bbf1e5bc2487c3cde22c265a (patch) | |
tree | 4224164c0e5590a47dfb70bf0b2c9c302dd8061a /meta-poky | |
parent | 42c52c4f24e0c69be4eeec89cdbec360de3d1eee (diff) | |
download | poky-374e198436be1df8bbf1e5bc2487c3cde22c265a.tar.gz |
systemd: Backport systemd-resolved: use hostname for certificate validation in DoT
Widely accepted certificates for IP addresses are expensive and only
affordable for larger organizations. Therefore if the user provides
the hostname in the DNS= option, we should use it instead of the IP
address.
This fixes https://nvd.nist.gov/vuln/detail/CVE-2018-21029 per
suggestion https://github.com/systemd/systemd-stable/issues/72 .
CVE: CVE-2018-21029
(From OE-Core rev: 6b4a583169ae40a8d51e7ffa33785409b5111a81)
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta-poky')
0 files changed, 0 insertions, 0 deletions