gtls: respect *VERIFYHOST independently of *VERIFYPEER
Security flaw CVE-2013-6422 This is conceptually the same problem and fix that3c3622b6
brought to the OpenSSL backend and that resulted in CVE-2013-4545. This version of the problem was independently introduced to the GnuTLS backend with commit59cf93cc
, present in the code since the libcurl 7.21.4 release. Advisory: http://curl.haxx.se/docs/adv_20131217.html Bug: http://curl.haxx.se/mail/lib-2013-11/0214.html Reported-by: Marc Deslauriers
This commit is contained in:
Родитель
8a8f9a5d57
Коммит
1dc43de0dc
|
@ -5,7 +5,7 @@
|
|||
* | (__| |_| | _ <| |___
|
||||
* \___|\___/|_| \_\_____|
|
||||
*
|
||||
* Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
* Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
*
|
||||
* This software is licensed as described in the file COPYING, which
|
||||
* you should have received as part of this distribution. The terms
|
||||
|
@ -633,10 +633,8 @@ gtls_connect_step3(struct connectdata *conn,
|
|||
else
|
||||
infof(data, "\t server certificate verification OK\n");
|
||||
}
|
||||
else {
|
||||
else
|
||||
infof(data, "\t server certificate verification SKIPPED\n");
|
||||
goto after_server_cert_verification;
|
||||
}
|
||||
|
||||
/* initialize an X.509 certificate structure. */
|
||||
gnutls_x509_crt_init(&x509_cert);
|
||||
|
@ -766,8 +764,6 @@ gtls_connect_step3(struct connectdata *conn,
|
|||
|
||||
gnutls_x509_crt_deinit(x509_cert);
|
||||
|
||||
after_server_cert_verification:
|
||||
|
||||
/* compression algorithm (if any) */
|
||||
ptr = gnutls_compression_get_name(gnutls_compression_get(session));
|
||||
/* the *_get_name() says "NULL" if GNUTLS_COMP_NULL is returned */
|
||||
|
|
Загрузка…
Ссылка в новой задаче