OpenSSL: use failf() when subjectAltName mismatches

author Andrej E Baranov <admin@andrej-andb.ru>

Sat, 12 Oct 2013 23:02:03 +0000 (01:02 +0200)

committer Daniel Stenberg <daniel@haxx.se>

Sun, 13 Oct 2013 17:12:58 +0000 (19:12 +0200)
author Andrej E Baranov <admin@andrej-andb.ru>
Sat, 12 Oct 2013 23:02:03 +0000 (01:02 +0200)
committer Daniel Stenberg <daniel@haxx.se>
Sun, 13 Oct 2013 17:12:58 +0000 (19:12 +0200)
diff --git a/lib/ssluse.c b/lib/ssluse.c

index 9974ac8..ef0c882 100644 (file)
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1192,6 +1192,8 @@ static CURLcode verifyhost(struct connectdata *conn,
      /* an alternative name field existed, but didn't match and then
         we MUST fail */
      infof(data, "\t subjectAltName does not match %s\n", conn->host.dispname);
+    failf(data, "SSL: alternative certificate subject names does not match "
+            "target host name '%s'", conn->host.dispname);
      res = CURLE_PEER_FAILED_VERIFICATION;
    }
    else {
author	Andrej E Baranov <admin@andrej-andb.ru>
	Sat, 12 Oct 2013 23:02:03 +0000 (01:02 +0200)
committer	Daniel Stenberg <daniel@haxx.se>
	Sun, 13 Oct 2013 17:12:58 +0000 (19:12 +0200)