
It's not the first time Apple has had a bug with verifying the hostname of the certificate.

In June 2010 I reported that Safari 4 did not check the last letter of the hostname, so a certificate for example.de was accepted when accessing example.dk, and it would accept a cert for example.co.ug when accessing example.co.uk.

The real problem is that Apple did not add unit testing when they fixed the problem in 2010. If they had, the goto bug would have been found.
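A sketch of the kind of regression test the comment above is asking for, added here as an example and not taken from the thread or from Apple's code. The matcher, the `last_char_ignored` stand-in for the reported behaviour, and the case table are all constructed for illustration; rejecting partial wildcards such as `w*.example.dk` is a deliberately strict choice.

```python
def hostname_matches(pattern, host):
    """Compare a certificate DNS name against the requested host, label by label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so label counts must be equal.
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    # Every label after the first is compared in full, to its last character.
    if p_labels[1:] != h_labels[1:]:
        return False
    first = p_labels[0]
    if first == "*":
        # Wildcard only as the whole leftmost label, never directly above a TLD.
        return len(p_labels) >= 3
    return "*" not in first and first == h_labels[0]


def last_char_ignored(pattern, host):
    """Constructed stand-in for the behaviour described above (not Apple's code)."""
    return pattern.lower()[:-1] == host.lower()[:-1]


# Constructed regression table: (certificate name, requested host, expected result)
REGRESSION_CASES = [
    ("example.de", "example.dk", False),        # case from the 2010 report
    ("example.co.ug", "example.co.uk", False),  # case from the 2010 report
    ("example.dk", "example.dk", True),
    ("EXAMPLE.co.uk", "example.co.uk", True),
    ("*.example.dk", "www.example.dk", True),
    ("*.example.de", "www.example.dk", False),
    ("*.example.dk", "a.b.example.dk", False),
    ("*.example.dk", "example.dk", False),
    ("*.dk", "example.dk", False),
    ("w*.example.dk", "www.example.dk", False),
]


def run_regression(match=hostname_matches):
    """Return the (name, host) pairs where `match` disagrees with the table."""
    return [(p, h) for p, h, want in REGRESSION_CASES if match(p, h) != want]


if __name__ == "__main__":
    failures = run_regression()
    for name, host in failures:
        print("FAIL: cert", name, "vs host", host)
    raise SystemExit(1 if failures else 0)
```

Running the same table against `last_char_ignored` flags both pairs from the report, which is what keeping such cases in the test suite buys after a fix.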



The "person" who made the "error" in the core code could have made a similar "error" in the unit test.


Yes, that would be quite the "coincidence", wouldn't it?



