ZF-7110: Zend_Gdata ignores hostname mismatch

Description

When connecting to Google's auth servers, Zend_Gdata_ClientLogin does not seem to detect hostname mismatches when negotiating the SSL connection. Presumably, this applies to AuthSub as well.

This needs to be fixed to prevent a Mi tM attack against user's credentials.

Comments

What's the status of this issue?

No progress yet, other things have been taking up my time.

I might be able to spend some time on this sometime in the next week.

Bulk change of all issues last updated before 1st January 2010 as "Won't Fix".

Feel free to re-open and provide a patch if you want to fix this issue.