ZF-7110: Zend_Gdata ignores hostname mismatch

Issue Type: Bug Created: 2009-06-23T18:00:35.000+0000 Last Updated: 2012-11-20T20:52:30.000+0000 Status: Closed Fix version(s): Reporter: Trevor Johns (tjohns) Assignee: None Tags: - Zend_Gdata

Related issues: Attachments:


When connecting to Google's auth servers, Zend_Gdata_ClientLogin does not seem to detect hostname mismatches when negotiating the SSL connection. Presumably, this applies to AuthSub as well.

This needs to be fixed to prevent a Mi tM attack against user's credentials.


Posted by Dolf Schimmel (Freeaqingme) (freak) on 2009-07-26T09:45:57.000+0000

What's the status of this issue?

Posted by Trevor Johns (tjohns) on 2009-07-28T23:01:17.000+0000

No progress yet, other things have been taking up my time.

I might be able to spend some time on this sometime in the next week.

Posted by Rob Allen (rob) on 2012-11-20T20:52:30.000+0000

Bulk change of all issues last updated before 1st January 2010 as "Won't Fix".

Feel free to re-open and provide a patch if you want to fix this issue.

Have you found an issue?

See the Overview section for more details.


© 2006-2018 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.