CURLOPT_SSL_VERIFYHOST: stop supporting the 1 value

After a research team wrote a document[1] that found several live source codes out there in the wild that misused the CURLOPT_SSL_VERIFYHOST option thinking it was a boolean, this change now bans 1 as a value and will make libcurl return error for it. 1 was never a sensible value to use in production but was introduced back in the days to help debugging. It was always documented clearly this way. 1 was never supported by all SSL backends in libcurl, so this cleanup makes the treatment of it unified. The report's list of mistakes for this option were all PHP code and while there's a binding layer between libcurl and PHP, the PHP team has decided that they have an as thin layer as possible on top of libcurl so they will not alter or specifically filter a 'TRUE' value for this particular option. I sympathize with that position. [1] = http://daniel.haxx.se/blog/2012/10/25/libcurl-claimed-to-be-dangerous/
author: Daniel Stenberg <daniel@haxx.se> 2012-10-27 12:31:39 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2012-11-06 19:46:53 +0100
commit: da82f59b697310229ccdf66104d5d65a44dfab98 (patch)
tree: e7e96d9878ad6ea7536342fc12083b489d28bad0 /lib/url.c
parent: ab1f80200a6d1bcbac167ede429be52f3ef838bc (diff)
1 files changed, 16 insertions, 4 deletions
diff --git a/lib/url.c b/lib/url.c
index b30a4fa51..5ffaa7305 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -708,7 +708,7 @@ CURLcode Curl_init_userdefined(struct UserDefined *set)
    * switched off unless wanted.
    */
   set->ssl.verifypeer = TRUE;
-  set->ssl.verifyhost = 2;
+  set->ssl.verifyhost = TRUE;
 #ifdef USE_TLS_SRP
   set->ssl.authtype = CURL_TLSAUTH_NONE;
 #endif
@@ -2049,13 +2049,25 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
     /*
      * Enable peer SSL verifying.
      */
-    data->set.ssl.verifypeer = va_arg(param, long);
+    data->set.ssl.verifypeer = (0 != va_arg(param, long))?TRUE:FALSE;
     break;
   case CURLOPT_SSL_VERIFYHOST:
     /*
-     * Enable verification of the CN contained in the peer certificate
+     * Enable verification of the host name in the peer certificate
      */
-    data->set.ssl.verifyhost = va_arg(param, long);
+    arg = va_arg(param, long);
+
+    /* Obviously people are not reading documentation and too many thought
+       this argument took a boolean when it wasn't and misused it. We thus ban
+       1 as a sensible input and we warn about its use. Then we only have the
+       2 action internally stored as TRUE. */
+
+    if(1 == arg) {
+      failf(data, "CURLOPT_SSL_VERIFYHOST no longer supports 1 as value!");
+      return CURLE_BAD_FUNCTION_ARGUMENT;
+    }
+
+    data->set.ssl.verifyhost = (0 != arg)?TRUE:FALSE;
     break;
 #ifdef USE_SSLEAY
     /* since these two options are only possible to use on an OpenSSL-
author	Daniel Stenberg <daniel@haxx.se>	2012-10-27 12:31:39 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2012-11-06 19:46:53 +0100
commit	da82f59b697310229ccdf66104d5d65a44dfab98 (patch)
tree	e7e96d9878ad6ea7536342fc12083b489d28bad0 /lib/url.c
parent	ab1f80200a6d1bcbac167ede429be52f3ef838bc (diff)