authorDaniel Stenberg <daniel@haxx.se>2010-11-04 15:18:35 +0100
committerDaniel Stenberg <daniel@haxx.se>2010-11-04 15:18:35 +0100
commitb0fd03f5b8d4520dd232a9d13567d16bd0ad8951 (patch)
tree4ab8d848deec51892da2f3bcb58e9448423e5bc4
parent4b2fbe1e97891f9a861363c4bf7aa0473c94e0ab (diff)
certcheck: use the custom Host: name for checks
If you use a custom Host: name in a request to an SSL server, libcurl will now use that given name when it verifies the server certificate to be correct, rather than using the host name used in the actual URL.
-rw-r--r--lib/ssluse.c12
1 files changed, 8 insertions, 4 deletions
diff --git a/lib/ssluse.c b/lib/ssluse.c
index b3a05f907..5a7294148 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1125,16 +1125,20 @@ static CURLcode verifyhost(struct connectdata *conn,
struct in_addr addr;
#endif
CURLcode res = CURLE_OK;
+ char *hostname;
+
+ hostname = conn->allocptr.customhost?conn->allocptr.customhost:
+ conn->host.name;
#ifdef ENABLE_IPV6
if(conn->bits.ipv6_ip &&
- Curl_inet_pton(AF_INET6, conn->host.name, &addr)) {
+ Curl_inet_pton(AF_INET6, hostname, &addr)) {
target = GEN_IPADD;
addrlen = sizeof(struct in6_addr);
}
else
#endif
- if(Curl_inet_pton(AF_INET, conn->host.name, &addr)) {
+ if(Curl_inet_pton(AF_INET, hostname, &addr)) {
target = GEN_IPADD;
addrlen = sizeof(struct in_addr);
}
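Review bot: `hostname` now comes from `conn->allocptr.customhost` whenever that is set, but the IPv6 branch is still gated on `conn->bits.ipv6_ip`, which presumably describes the URL host rather than the header value, so a custom Host: that is an IPv6 literal would skip the `GEN_IPADD` path and be matched as a DNS name. Nothing in this hunk shows `customhost` being reduced to a bare name either; if it can carry a `:port` suffix or brackets, both `Curl_inet_pton` calls and the `cert_hostcheck` calls in the two later hunks would compare the wrong string. I would declare it `const char *hostname;` and add a comment such as `/* name the certificate is checked against: custom Host: value if set, else the URL host; must be a bare host name without port */`. Because the verified identity is now taken from a request header, it is also worth confirming that a connection verified under one Host: value is not reused for a request carrying a different one. verifyhost's body continues outside the hunk.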
@@ -1176,7 +1180,7 @@ static CURLcode verifyhost(struct connectdata *conn,
if((altlen == strlen(altptr)) &&
/* if this isn't true, there was an embedded zero in the name
string and we cannot match it. */
- cert_hostcheck(altptr, conn->host.name))
+ cert_hostcheck(altptr, hostname))
matched = 1;
else
matched = 0;
@@ -1278,7 +1282,7 @@ static CURLcode verifyhost(struct connectdata *conn,
"SSL: unable to obtain common name from peer certificate");
res = CURLE_PEER_FAILED_VERIFICATION;
}
- else if(!cert_hostcheck((const char *)peer_CN, conn->host.name)) {
+ else if(!cert_hostcheck((const char *)peer_CN, hostname)) {
if(data->set.ssl.verifyhost > 1) {
failf(data, "SSL: certificate subject name '%s' does not match "
"target host name '%s'", peer_CN, conn->host.dispname);
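Review bot: The mismatch message at the end of this hunk still prints `conn->host.dispname`, while the comparison above it now uses `hostname`, so with a custom Host: header the log names a host that was not the one checked against the certificate. Printing the compared value keeps the diagnostic truthful for anyone triaging a verification failure: `"target host name '%s'", peer_CN, hostname);`. The enclosing `if` block continues past the end of the hunk.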