projects / platform / upstream / curl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8a8f9a5) | patch
gtls: respect *VERIFYHOST independently of *VERIFYPEER
authorDaniel Stenberg <daniel@haxx.se>
Fri, 29 Nov 2013 21:46:05 +0000 (22:46 +0100)
committerDaniel Stenberg <daniel@haxx.se>
Mon, 16 Dec 2013 21:47:31 +0000 (22:47 +0100)
commit1dc43de0dccc2ea7da6dddb7b98f8d7dcf323914
tree39a854a8cc010acc3ba917c865b071a3e0a78b50tree | snapshot
parent8a8f9a5d5775ea58807b3c3ff86a9b96ae4b0925commit | diff
gtls: respect *VERIFYHOST independently of *VERIFYPEER

Security flaw CVE-2013-6422

This is conceptually the same problem and fix that 3c3622b6 brought to the
OpenSSL backend and that resulted in CVE-2013-4545.

This version of the problem was independently introduced to the GnuTLS
backend with commit 59cf93cc, present in the code since the libcurl
7.21.4 release.

Advisory: http://curl.haxx.se/docs/adv_20131217.html
Bug: http://curl.haxx.se/mail/lib-2013-11/0214.html
Reported-by: Marc Deslauriers
lib/gtls.c diff | blob | history
Domain: Network & Connectivity / Data Network;