systemd: Backport systemd-resolved: use hostname for certificate validation in DoT - linux/poky.git

diff options

author	Marek Vasut <marex@denx.de>	2023-10-11 00:47:48 +0200
committer	Steve Sakoman <steve@sakoman.com>	2023-10-20 05:35:31 -1000
commit	374e198436be1df8bbf1e5bc2487c3cde22c265a (patch)
tree	4224164c0e5590a47dfb70bf0b2c9c302dd8061a /meta-poky
parent	42c52c4f24e0c69be4eeec89cdbec360de3d1eee (diff)
download	poky-374e198436be1df8bbf1e5bc2487c3cde22c265a.tar.gz

systemd: Backport systemd-resolved: use hostname for certificate validation in DoT

Widely accepted certificates for IP addresses are expensive and only affordable for larger organizations. Therefore if the user provides the hostname in the DNS= option, we should use it instead of the IP address. This fixes https://nvd.nist.gov/vuln/detail/CVE-2018-21029 per suggestion https://github.com/systemd/systemd-stable/issues/72 . CVE: CVE-2018-21029 (From OE-Core rev: 6b4a583169ae40a8d51e7ffa33785409b5111a81) Signed-off-by: Marek Vasut <marex@denx.de> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'meta-poky')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: