blob: 83f3ccab76004dbffa74febddfa83e35e7a359db (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
From 3c3622b66221d89509cffaa693fc7dcd5c5b96cf Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 2 Oct 2013 15:31:10 +0200
Subject: [PATCH] OpenSSL: acknowledge CURLOPT_SSL_VERIFYHOST without
VERIFYPEER
Setting only CURLOPT_SSL_VERIFYHOST without CURLOPT_SSL_VERIFYPEER set
should still verify that the host name fields in the server certificate
is fine or return failure.
Bug: http://curl.haxx.se/mail/lib-2013-10/0002.html
Reported-by: Ishan SinghLevett
---
lib/ssluse.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/ssluse.c b/lib/ssluse.c
index 4f3c1e1..9974ac8 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -2351,7 +2351,7 @@ static CURLcode servercert(struct connectdata *conn,
* operations.
*/
- if(!data->set.ssl.verifypeer)
+ if(!data->set.ssl.verifypeer && !data->set.ssl.verifyhost)
(void)servercert(conn, connssl, FALSE);
else
retcode = servercert(conn, connssl, TRUE);
--
1.8.4
|