diff options
author | Daniel Stenberg <daniel@haxx.se> | 2007-07-11 22:20:46 +0000 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2007-07-11 22:20:46 +0000 |
commit | d12759c73e34e432c5e2d438d6d34668b9c98a0e (patch) | |
tree | 6c1cb8e3e43a243be59b1dd776e92c1b7e9d1a73 | |
parent | c0095d6dd904c6ad82fe834cbef790ca4d231944 (diff) |
Made CURLOPT_SSL_VERIFYHOST set to 1 acts as described in the documentation:
fail to connect if there is no Common Name field found in the remote cert.
We should deprecate the support for this set to 1 anyway soon, since the
feature is pointless and most likely never really used by anyone.
-rw-r--r-- | CHANGES | 6 | ||||
-rw-r--r-- | RELEASE-NOTES | 3 | ||||
-rw-r--r-- | lib/ssluse.c | 13 |
3 files changed, 11 insertions, 11 deletions
@@ -6,6 +6,12 @@ Changelog +Daniel S (12 July 2007) +- Made CURLOPT_SSL_VERIFYHOST set to 1 acts as described in the documentation: + fail to connect if there is no Common Name field found in the remote cert. + We should deprecate the support for this set to 1 anyway soon, since the + feature is pointless and most likely never really used by anyone. + Daniel S (11 July 2007) - Shmulik Regev fixed a bug with transfer-encoding skipping during the 407 error pages for proxy authentication. diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 43bf84314..ccaa89007 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -18,6 +18,7 @@ This release includes the following bugfixes: o test cases 31, 46, 61, 506, 517 now work in time zones that use leap seconds o problem with closed proxy connection during HTTP CONNECT auth negotiation o transfer-encoding skipping didn't ignore the 407 response bodies properly + o CURLOPT_SSL_VERIFYHOST set to 1 This release includes the following known bugs: @@ -25,7 +26,7 @@ This release includes the following known bugs: Other curl-related news: - o + o pycurl 7.16.4 was released http://pycurl.sf.net New curl mirrors: diff --git a/lib/ssluse.c b/lib/ssluse.c index 19412877c..97e244896 100644 --- a/lib/ssluse.c +++ b/lib/ssluse.c @@ -1131,16 +1131,9 @@ static CURLcode verifyhost(struct connectdata *conn, #endif /* CURL_DOES_CONVERSIONS */ if (!peer_CN) { - if(data->set.ssl.verifyhost > 1) { - failf(data, - "SSL: unable to obtain common name from peer certificate"); - return CURLE_SSL_PEER_CERTIFICATE; - } - else { - /* Consider verifyhost == 1 as an "OK" for a missing CN field, but we - output a note about the situation */ - infof(data, "\t common name: WARNING couldn't obtain\n"); - } + failf(data, + "SSL: unable to obtain common name from peer certificate"); + return CURLE_SSL_PEER_CERTIFICATE; } else if(!cert_hostcheck((const char *)peer_CN, conn->host.name)) { if(data->set.ssl.verifyhost > 1) { |