From 3c3622b66221d89509cffaa693fc7dcd5c5b96cf Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 2 Oct 2013 15:31:10 +0200 Subject: [PATCH] OpenSSL: acknowledge CURLOPT_SSL_VERIFYHOST without VERIFYPEER Setting only CURLOPT_SSL_VERIFYHOST without CURLOPT_SSL_VERIFYPEER set should still verify that the host name fields in the server certificate is fine or return failure. Bug: http://curl.haxx.se/mail/lib-2013-10/0002.html Reported-by: Ishan SinghLevett --- lib/ssluse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/ssluse.c b/lib/ssluse.c index 4f3c1e1..9974ac8 100644 --- a/lib/ssluse.c +++ b/lib/ssluse.c @@ -2351,7 +2351,7 @@ ossl_connect_step3(struct connectdata *conn, * operations. */ - if(!data->set.ssl.verifypeer) + if(!data->set.ssl.verifypeer && !data->set.ssl.verifyhost) (void)servercert(conn, connssl, FALSE); else retcode = servercert(conn, connssl, TRUE); -- 2.7.4