aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2010-11-05 10:24:22 +0100
committerDaniel Stenberg <daniel@haxx.se>2010-11-05 10:25:58 +0100
commit87374a47c9d22521c8d31f1c4952db5fdb479903 (patch)
tree6199630ccfaefe19547b2b86975d8c9bb5daf70e
parent368f5a85474295b22f105430e59979082d7d7662 (diff)
Revert: use Host: name for SNI and cert name checks
This reverts commit b0fd03f5b8d4520dd232a9d13567d16bd0ad8951, 4b2fbe1e97891f, afecd1aa13b4f, 68cde058f66b3
-rw-r--r--lib/http.c25
-rw-r--r--lib/ssluse.c22
-rw-r--r--lib/url.c2
-rw-r--r--lib/urldata.h2
4 files changed, 22 insertions, 29 deletions
diff --git a/lib/http.c b/lib/http.c
index 0804ce050..ed0730c0a 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -2254,25 +2254,26 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
ptr = Curl_checkheaders(data, "Host:");
if(ptr && (!data->state.this_is_a_follow ||
Curl_raw_equal(data->state.first_host, conn->host.name))) {
-
+#if !defined(CURL_DISABLE_COOKIES)
/* If we have a given custom Host: header, we extract the host name in
order to possibly use it for cookie reasons later on. We only allow the
custom Host: header if this is NOT a redirect, as setting Host: in the
redirected request is being out on thin ice. Except if the host name
is the same as the first one! */
- char *chost = Curl_copy_header_value(ptr);
- if (!chost)
+ char *cookiehost = Curl_copy_header_value(ptr);
+ if (!cookiehost)
return CURLE_OUT_OF_MEMORY;
- if (!*chost)
+ if (!*cookiehost)
/* ignore empty data */
- free(chost);
+ free(cookiehost);
else {
- char *colon = strchr(chost, ':');
+ char *colon = strchr(cookiehost, ':');
if (colon)
*colon = 0; /* The host must not include an embedded port number */
- Curl_safefree(conn->allocptr.customhost);
- conn->allocptr.customhost = chost;
+ Curl_safefree(conn->allocptr.cookiehost);
+ conn->allocptr.cookiehost = cookiehost;
}
+#endif
conn->allocptr.host = NULL;
}
@@ -2596,8 +2597,8 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
if(data->cookies) {
Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
co = Curl_cookie_getlist(data->cookies,
- conn->allocptr.customhost?
- conn->allocptr.customhost:host,
+ conn->allocptr.cookiehost?
+ conn->allocptr.cookiehost:host,
data->state.path,
(bool)(conn->protocol&PROT_HTTPS?TRUE:FALSE));
Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
@@ -3688,8 +3689,8 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
data->cookies, TRUE, k->p+11,
/* If there is a custom-set Host: name, use it
here, or else use real peer host name. */
- conn->allocptr.customhost?
- conn->allocptr.customhost:conn->host.name,
+ conn->allocptr.cookiehost?
+ conn->allocptr.cookiehost:conn->host.name,
data->state.path);
Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
}
diff --git a/lib/ssluse.c b/lib/ssluse.c
index 5a7294148..474bc9a33 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1125,20 +1125,16 @@ static CURLcode verifyhost(struct connectdata *conn,
struct in_addr addr;
#endif
CURLcode res = CURLE_OK;
- char *hostname;
-
- hostname = conn->allocptr.customhost?conn->allocptr.customhost:
- conn->host.name;
#ifdef ENABLE_IPV6
if(conn->bits.ipv6_ip &&
- Curl_inet_pton(AF_INET6, hostname, &addr)) {
+ Curl_inet_pton(AF_INET6, conn->host.name, &addr)) {
target = GEN_IPADD;
addrlen = sizeof(struct in6_addr);
}
else
#endif
- if(Curl_inet_pton(AF_INET, hostname, &addr)) {
+ if(Curl_inet_pton(AF_INET, conn->host.name, &addr)) {
target = GEN_IPADD;
addrlen = sizeof(struct in_addr);
}
@@ -1180,7 +1176,7 @@ static CURLcode verifyhost(struct connectdata *conn,
if((altlen == strlen(altptr)) &&
/* if this isn't true, there was an embedded zero in the name
string and we cannot match it. */
- cert_hostcheck(altptr, hostname))
+ cert_hostcheck(altptr, conn->host.name))
matched = 1;
else
matched = 0;
@@ -1282,7 +1278,7 @@ static CURLcode verifyhost(struct connectdata *conn,
"SSL: unable to obtain common name from peer certificate");
res = CURLE_PEER_FAILED_VERIFICATION;
}
- else if(!cert_hostcheck((const char *)peer_CN, hostname)) {
+ else if(!cert_hostcheck((const char *)peer_CN, conn->host.name)) {
if(data->set.ssl.verifyhost > 1) {
failf(data, "SSL: certificate subject name '%s' does not match "
"target host name '%s'", peer_CN, conn->host.dispname);
@@ -1433,7 +1429,6 @@ ossl_connect_step1(struct connectdata *conn,
curl_socket_t sockfd = conn->sock[sockindex];
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
- const char *hostname;
bool sni;
#ifdef ENABLE_IPV6
struct in6_addr addr;
@@ -1646,15 +1641,12 @@ ossl_connect_step1(struct connectdata *conn,
connssl->server_cert = 0x0;
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
- hostname = conn->allocptr.customhost?conn->allocptr.customhost:
- conn->host.name;
-
- if ((0 == Curl_inet_pton(AF_INET, hostname, &addr)) &&
+ if ((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
#ifdef ENABLE_IPV6
- (0 == Curl_inet_pton(AF_INET6, hostname, &addr)) &&
+ (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&
#endif
sni &&
- !SSL_set_tlsext_host_name(connssl->handle, hostname))
+ !SSL_set_tlsext_host_name(connssl->handle, conn->host.name))
infof(data, "WARNING: failed to configure server name indication (SNI) "
"TLS extension\n");
#endif
diff --git a/lib/url.c b/lib/url.c
index ef02b4f31..b715e998f 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -2534,7 +2534,7 @@ static void conn_free(struct connectdata *conn)
Curl_safefree(conn->allocptr.rangeline);
Curl_safefree(conn->allocptr.ref);
Curl_safefree(conn->allocptr.host);
- Curl_safefree(conn->allocptr.customhost);
+ Curl_safefree(conn->allocptr.cookiehost);
Curl_safefree(conn->allocptr.rtsp_transport);
Curl_safefree(conn->trailer);
Curl_safefree(conn->host.rawalloc); /* host name buffer */
diff --git a/lib/urldata.h b/lib/urldata.h
index 7b63b496b..4d6059152 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -796,7 +796,7 @@ struct connectdata {
char *rangeline; /* free later if not NULL! */
char *ref; /* free later if not NULL! */
char *host; /* free later if not NULL */
- char *customhost; /* free later if not NULL */
+ char *cookiehost; /* free later if not NULL */
char *rtsp_transport; /* free later if not NULL */
} allocptr;