ZF-7110: Zend_Gdata ignores hostname mismatch

Issue Type:
Bug
Created:
2009-06-23T18:00:35.000+0000
Last Updated:
2012-11-20T20:52:30.000+0000
Status:
Closed
Fix version(s):
    Reporter:
    Trevor Johns (tjohns)
    Assignee:
    None
    Tags:
    • Zend_Gdata
    Related issues:
    Attachments:

    Description

    When connecting to Google's auth servers, Zend_Gdata_ClientLogin does not seem to detect hostname mismatches when negotiating the SSL connection. Presumably, this applies to AuthSub as well.

    This needs to be fixed to prevent a Mi tM attack against user's credentials.

    Comments

    Posted by Dolf Schimmel (Freeaqingme) (freak) on 2009-07-26T09:45:57.000+0000

    What's the status of this issue?

    Posted by Trevor Johns (tjohns) on 2009-07-28T23:01:17.000+0000

    No progress yet, other things have been taking up my time.

    I might be able to spend some time on this sometime in the next week.

    Posted by Rob Allen (rob) on 2012-11-20T20:52:30.000+0000

    Bulk change of all issues last updated before 1st January 2010 as "Won't Fix".

    Feel free to re-open and provide a patch if you want to fix this issue.