OpenSSL: acknowledge CURLOPT_SSL_VERIFYHOST without VERIFYPEER
author Daniel Stenberg <daniel@haxx.se>
Wed, 2 Oct 2013 13:31:10 +0000 (15:31 +0200)
committer Daniel Stenberg <daniel@haxx.se>
Wed, 2 Oct 2013 13:40:02 +0000 (15:40 +0200)
Setting only CURLOPT_SSL_VERIFYHOST without CURLOPT_SSL_VERIFYPEER set
should still verify that the host name fields in the server certificate
are fine or return failure.

Bug: http://curl.haxx.se/mail/lib-2013-10/0002.html
Reported-by: Ishan SinghLevett
lib/ssluse.c

index 4f3c1e1..9974ac8 100644 (file)
@@ -2351,7 +2351,7 @@ ossl_connect_step3(struct connectdata *conn,
    * operations.
    */
 
-  if(!data->set.ssl.verifypeer)
+  if(!data->set.ssl.verifypeer && !data->set.ssl.verifyhost)
     (void)servercert(conn, connssl, FALSE);
   else
     retcode = servercert(conn, connssl, TRUE);
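
Review bot: in the else branch, a verifyhost-only configuration now reaches servercert(conn, connssl, TRUE), the same strict call used when verifypeer is set, and the hunk does not show what else strict mode enforces. Please confirm that servercert gates its chain-verification result on data->set.ssl.verifypeer, so that with verifypeer cleared the strict call fails only on the host name check and not on an untrusted or unknown issuer. The comment block ending just above the condition should also be updated to say that either option selects the strict call, and a test with verifyhost set, verifypeer cleared and a certificate whose names do not match the host would pin the intended failure.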