OpenSSL: acknowledge CURLOPT_SSL_VERIFYHOST without VERIFYPEER
Setting only CURLOPT_SSL_VERIFYHOST without CURLOPT_SSL_VERIFYPEER set should still verify that the host name fields in the server certificate is fine or return failure. Bug: http://curl.haxx.se/mail/lib-2013-10/0002.html Reported-by: Ishan SinghLevett
This commit is contained in:
Daniel Stenberg
Родитель
a22c478ed7
Коммит
3c3622b662
|
|
@ -2351,7 +2351,7 @@ ossl_connect_step3(struct connectdata *conn,
|
||||||
* operations.
|
* operations.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
if(!data->set.ssl.verifypeer)
|
if(!data->set.ssl.verifypeer && !data->set.ssl.verifyhost)
|
||||||
(void)servercert(conn, connssl, FALSE);
|
(void)servercert(conn, connssl, FALSE);
|
||||||
else
|
else
|
||||||
retcode = servercert(conn, connssl, TRUE);
|
retcode = servercert(conn, connssl, TRUE);
|
||||||
|
|
|
||||||
Загрузка…
Ссылка в новой задаче