ZF-7110: Zend_Gdata ignores hostname mismatch


When connecting to Google's auth servers, Zend_Gdata_ClientLogin does not seem to detect hostname mismatches when negotiating the SSL connection. Presumably, this applies to AuthSub as well.

This needs to be fixed to prevent a Mi tM attack against user's credentials.


What's the status of this issue?

No progress yet, other things have been taking up my time.

I might be able to spend some time on this sometime in the next week.

Bulk change of all issues last updated before 1st January 2010 as "Won't Fix".

Feel free to re-open and provide a patch if you want to fix this issue.