Scenario:
1- Create a Custom CA certificate
2- Create the NATS server certificate (signed by the above CA). Make sure to set the CommonName and SAN of the NATS server certificate to something random, for example nats-is-amazing.com
3- Start the NATS server (TLS enabled) with the generated cert, and bind it to 127.0.0.1
4- Using the Ruby NATS client, connect to the server over 127.0.0.1
Actual:
The Ruby NATS client successfully connects to the server
Expectation:
We expect the TLS handshake to fail since the server certificate was signed for nats-is-amazing.com
Is there a way of forcing host name checking during the TLS handshake?
Thanks in advance.
Still limited to what EventMachine supports here (eventmachine/eventmachine#814 | faye/faye-websocket-ruby#101 (comment)), so not possible yet. The Pure Ruby NATS client, which does not depend on EM, already supports passing an SSL context directly, so host verification is feasible since ruby/openssl supports it (ruby/openssl#60).
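The check the issue asks for, as an added example that is not part of the thread or of either NATS client: it builds a constructed CA and a server certificate for nats-is-amazing.com, then shows with ruby/openssl that chain validation alone accepts the certificate while the identity check rejects it for 127.0.0.1. The helper names (`make_cert`, `build_scenario`, `chain_trusted?`, `acceptable_for?`, `strict_tls_context`) are made up for illustration.

```ruby
require "openssl"

# Build an X.509 v3 certificate; self-signed CA when no issuer is given.
def make_cert(cn, key, serial, issuer: nil, issuer_key: key, san: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = (issuer || cert).subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  cert.add_extension(ef.create_extension("basicConstraints", issuer ? "CA:FALSE" : "CA:TRUE", true))
  cert.add_extension(ef.create_extension("subjectAltName", san)) if san
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
end

# Constructed PKI mirroring the issue: custom CA, server cert for nats-is-amazing.com.
def build_scenario
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca = make_cert("Constructed Test CA", ca_key, 1)
  srv = make_cert("nats-is-amazing.com", OpenSSL::PKey::RSA.new(2048), 2,
                  issuer: ca, issuer_key: ca_key, san: "DNS:nats-is-amazing.com")
  [ca, srv]
end

# Chain check only: was the certificate issued by the trusted CA?
def chain_trusted?(ca, cert)
  OpenSSL::X509::Store.new.tap { |s| s.add_cert(ca) }.verify(cert)
end

# Full check: trusted chain AND the certificate names the host that was dialed.
def acceptable_for?(ca, cert, dialed_host)
  chain_trusted?(ca, cert) && OpenSSL::SSL.verify_certificate_identity(cert, dialed_host)
end

# Client-side context that asks OpenSSL for both checks during the handshake.
def strict_tls_context(ca)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert_store = OpenSSL::X509::Store.new.tap { |s| s.add_cert(ca) }
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  ctx.verify_hostname = true
  ctx
end

ca, srv = build_scenario
puts "chain ok: #{chain_trusted?(ca, srv)}, ok for 127.0.0.1: #{acceptable_for?(ca, srv, '127.0.0.1')}"
```

`verify_hostname` only takes effect when the socket's `hostname=` has been set to the name the client dialed, so a client that accepts this context still has to set it.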