warn if no CN is available if verify is only set to 1

Daniel Stenberg 2003-09-03 20:47:17 +00:00
Родитель 840c0af014
Коммит 481094db90
1 изменённых файлов: 23 добавлений и 14 удалений


@ -1025,11 +1025,19 @@ Curl_SSLConnect(struct connectdata *conn)
NID_commonName, NID_commonName,
peer_CN, peer_CN,
sizeof(peer_CN)) < 0) { sizeof(peer_CN)) < 0) {
/* Failed to get the CN field from the server's certificate */
if (data->set.ssl.verifyhost > 1) {
failf(data, "SSL: unable to obtain common name from peer certificate"); failf(data, "SSL: unable to obtain common name from peer certificate");
X509_free(conn->ssl.server_cert); X509_free(conn->ssl.server_cert);
return CURLE_SSL_PEER_CERTIFICATE; return CURLE_SSL_PEER_CERTIFICATE;
} }
else
/* Consider verifyhost == 1 as an "OK" for a missing CN field, but we
output a note about the situation */
infof(data, "\t common name: WARNING couldn't obtain\n");
}
else {
/* Compare the CN field with the remote host name */
if (!cert_hostcheck(peer_CN, conn->hostname)) { if (!cert_hostcheck(peer_CN, conn->hostname)) {
if (data->set.ssl.verifyhost > 1) { if (data->set.ssl.verifyhost > 1) {
failf(data, "SSL: certificate subject name '%s' does not match " failf(data, "SSL: certificate subject name '%s' does not match "
@ -1046,6 +1054,7 @@ Curl_SSLConnect(struct connectdata *conn)
else else
infof(data, "\t common name: %s (matched)\n", peer_CN); infof(data, "\t common name: %s (matched)\n", peer_CN);
} }
}
str = X509_NAME_oneline (X509_get_issuer_name (conn->ssl.server_cert), str = X509_NAME_oneline (X509_get_issuer_name (conn->ssl.server_cert),
NULL, 0); NULL, 0);
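Review bot: In the new `else` branch that handles a missing CN when `verifyhost` is 1, the connection is accepted without any host-name comparison, and the only trace is an `infof()` line that a caller without verbose output enabled will probably never see. The comment there should state this outright, e.g. `/* verifyhost == 1: no CN to compare, so the peer's host name is NOT verified; we continue and only note it */`, so nobody reads this mode as a weaker form of verification rather than none. The branch is also an unbraced `else` separated from its single statement by a multi-line comment; writing it as `else { infof(data, "\t common name: WARNING couldn't obtain\n"); }` keeps a statement added later from landing outside the condition. Curl_SSLConnect begins and ends outside the hunks shown, so whether `peer_CN` is read again after this branch cannot be checked from here.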