lelldorin
Thank you for this nice and bug report. Thank you to all people working on haiku.
Thank you for this nice and bug report. Thank you to all people working on haiku.
Great read, felt a bit like a super star when I saw my name there, even if I only changed a few lines of code. Love this project, amazing work everyone!
Another productive month. Thanks for the write-up, @PulkoMandy, and thanks to everyone who contributed changes.
Thank you for another activity report! And thanks for all the work that’s going into Haiku! 
I don’t know whether this explanation was written by Waddlesplash or Pulkomandy but it seriously undersells the importance of this change.
Rather than allowing “better” validation the change finally enables the basic checks. In all the years prior to this fix Haiku simply didn’t check names here, making all the security of SSL / TLS completely futile in all Haiku native applications such as WebPositive.
For example if you visited https://mybank.example/ you might expect that WebPositive would not accept a certificate for https://bad.example.com/ for that site, but until this fix was prompted you’d have been wrong and Haiku would give you no indication that there was any problem at all with your bank site.
2 replies