aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2007-07-11 22:20:46 +0000
committerDaniel Stenberg <daniel@haxx.se>2007-07-11 22:20:46 +0000
commitd12759c73e34e432c5e2d438d6d34668b9c98a0e (patch)
tree6c1cb8e3e43a243be59b1dd776e92c1b7e9d1a73
parentc0095d6dd904c6ad82fe834cbef790ca4d231944 (diff)
Made CURLOPT_SSL_VERIFYHOST set to 1 acts as described in the documentation:
fail to connect if there is no Common Name field found in the remote cert. We should deprecate the support for this set to 1 anyway soon, since the feature is pointless and most likely never really used by anyone.
-rw-r--r--CHANGES6
-rw-r--r--RELEASE-NOTES3
-rw-r--r--lib/ssluse.c13
3 files changed, 11 insertions, 11 deletions
diff --git a/CHANGES b/CHANGES
index acbd88a5e..370138e31 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,12 @@
Changelog
+Daniel S (12 July 2007)
+- Made CURLOPT_SSL_VERIFYHOST set to 1 acts as described in the documentation:
+ fail to connect if there is no Common Name field found in the remote cert.
+ We should deprecate the support for this set to 1 anyway soon, since the
+ feature is pointless and most likely never really used by anyone.
+
Daniel S (11 July 2007)
- Shmulik Regev fixed a bug with transfer-encoding skipping during the 407
error pages for proxy authentication.
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 43bf84314..ccaa89007 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -18,6 +18,7 @@ This release includes the following bugfixes:
o test cases 31, 46, 61, 506, 517 now work in time zones that use leap seconds
o problem with closed proxy connection during HTTP CONNECT auth negotiation
o transfer-encoding skipping didn't ignore the 407 response bodies properly
+ o CURLOPT_SSL_VERIFYHOST set to 1
This release includes the following known bugs:
@@ -25,7 +26,7 @@ This release includes the following known bugs:
Other curl-related news:
- o
+ o pycurl 7.16.4 was released http://pycurl.sf.net
New curl mirrors:
diff --git a/lib/ssluse.c b/lib/ssluse.c
index 19412877c..97e244896 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1131,16 +1131,9 @@ static CURLcode verifyhost(struct connectdata *conn,
#endif /* CURL_DOES_CONVERSIONS */
if (!peer_CN) {
- if(data->set.ssl.verifyhost > 1) {
- failf(data,
- "SSL: unable to obtain common name from peer certificate");
- return CURLE_SSL_PEER_CERTIFICATE;
- }
- else {
- /* Consider verifyhost == 1 as an "OK" for a missing CN field, but we
- output a note about the situation */
- infof(data, "\t common name: WARNING couldn't obtain\n");
- }
+ failf(data,
+ "SSL: unable to obtain common name from peer certificate");
+ return CURLE_SSL_PEER_CERTIFICATE;
}
else if(!cert_hostcheck((const char *)peer_CN, conn->host.name)) {
if(data->set.ssl.verifyhost > 1) {