hostname verification

About this tag
Hostname verification is a critical security check in TLS/SSL connections that ensures the certificate presented by a server matches the hostname the client intended to reach. Discussions on WindowsForum.com highlight vulnerabilities such as CVE-2020-36477 in Mbed TLS, where a bug allowed hostname verification to compare the expected hostname against any subjectAltName entry without checking its type, enabling IP-to-hostname impersonation. This underscores the importance of proper hostname verification in embedded TLS libraries and enterprise IT environments to prevent man-in-the-middle attacks. The tag covers security updates, troubleshooting, and best practices for hostname verification in Windows and cross-platform contexts.
  1. CVE-2020-36477: Mbed TLS X509 Hostname Verification Bug

    Mbed TLS contained a subtle but consequential X.509 verification bug — tracked as CVE-2020-36477 — that allowed the library to compare the expected hostname (the cn argument passed to mbedtls_x509_crt_verify) against any entry in the certificate’s subjectAltName (SAN) extension without checking...