blob: 2d51ddf965e577c3e1922bea39b12c33098d2817 [file] [log] [blame]
Andrew Geisslerc926e172021-05-07 16:11:35 -05001From fbe85634d88e82fbb439ae2a5d1aca8b8c309bea Mon Sep 17 00:00:00 2001
2From: Matt McCutchen <matt@mattmccutchen.net>
3Date: Wed, 26 Aug 2020 12:16:08 -0400
4Subject: [PATCH] rsync-ssl: Verify the hostname in the certificate when using
5 openssl.
6
7CVE: CVE-2020-14387
8
9Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=c3f7414]
10
11Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
12---
13 rsync-ssl | 2 +-
14 1 file changed, 1 insertion(+), 1 deletion(-)
15
16diff --git a/rsync-ssl b/rsync-ssl
17index 8101975..46701af 100755
18--- a/rsync-ssl
19+++ b/rsync-ssl
20@@ -129,7 +129,7 @@ function rsync_ssl_helper {
21 fi
22
23 if [[ $RSYNC_SSL_TYPE == openssl ]]; then
24- exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -connect $hostname:$port
25+ exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -verify_hostname $hostname -connect $hostname:$port
26 elif [[ $RSYNC_SSL_TYPE == gnutls ]]; then
27 exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt $gnutls_opts $hostname:$port
28 else
29--
302.17.1
31