Posted by Shugo Maeda on 4 Oct 2007 Rubyã«æ¨æºã§æ·»ä»ããã¦ããnet/httpsã©ã¤ãã©ãª(net/https.rb)ã«ããã¦ããã®ã©ã¤ãã©ãªã使ç¨ãã¦httpsãããã³ã«ãçºè¡ããå ´åãä¸éè ã«ãããªããã¾ãæ»æ(man-in-the-middle attack)ãæ¤åºã§ããªãã¨ããåé¡ãçºè¦ããã¾ããã ãã®èå¼±æ§ã«ã¤ãã¦ã¯ã<URL:http://www.isecpartners.com/advisories/2007-006-rubyssl.txt>ã¨ãã¦å ¬éããã¦ãã¾ãã å½±é¿ net/http.rbã§ã¯ãSSLæ¥ç¶ã®éã«ã証ææ¸ã®CNããªã¯ã¨ã¹ãå ã®DNSåã«å¯¾ãã¦æ¤è¨¼ããã¾ãããããã«ãããæ»æè ããªã¯ã¨ã¹ãå ã®ãµã¼ãã«ãªããã¾ããã¨ãå¯è½ã«ãªãã¾ãã èå¼±æ§ã®åå¨ãããã¼ã¸ã§ã³ 1.8ç³» 1.8.4以åã®å ¨ã¦ã®ãã¼ã¸ã§ã³ã1.8.5-
ãªãªã¼ã¹ãé害æ å ±ãªã©ã®ãµã¼ãã¹ã®ãç¥ãã
ææ°ã®äººæ°ã¨ã³ããªã¼ã®é ä¿¡
å¦çãå®è¡ä¸ã§ã
j次ã®ããã¯ãã¼ã¯
kåã®ããã¯ãã¼ã¯
lãã¨ã§èªã
eã³ã¡ã³ãä¸è¦§ãéã
oãã¼ã¸ãéã
{{#tags}}- {{label}}
{{/tags}}