author | Faizur Rahman <faizurahman@gmail.com> | 2019-12-25 18:49:48 -0500 |
---|---|---|
committer | Jay Satiro <raysatiro@yahoo.com> | 2020-01-11 18:23:46 -0500 |
commit | 29e40a6d8a70630dd8eaa15beded205792342d08 | |
tree | 3219d5c4190b19efef62855d6ace3a969390ddd0 /lib/vtls/gskit.h | |
parent | cbb5429001084df4e71ebd95dbf748c3c302c9f7 | |

schannel: Make CURLOPT_CAINFO work better on Windows 7

- Support hostname verification via alternative names (SAN) in the
  peer certificate when CURLOPT_CAINFO is used in Windows 7 and earlier.

CERT_NAME_SEARCH_ALL_NAMES_FLAG doesn't exist before Windows 8. As a
result CertGetNameString doesn't quite work on those versions of
Windows. This change provides an alternative solution for
CertGetNameString by iterating through CERT_ALT_NAME_INFO for earlier
versions of Windows.

Prior to this change many certificates failed the hostname validation
when CURLOPT_CAINFO was used in Windows 7 and earlier. Most certificates
now represent multiple hostnames and rely on the alternative names field
exclusively to represent their hostnames.

Reported-by: Jeroen Ooms

Fixes https://github.com/curl/curl/issues/3711
Closes https://github.com/curl/curl/pull/4761
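
The following is an added illustration, not code from this commit or from curl: a portable C sketch of why a hostname check that sees only one certificate name rejects multi-host certificates, while a check that walks every alternative name accepts them. The `cert_names` struct, the function names and the sample names are hypothetical, and the single-name behaviour (first dNSName, else subject CN) is an assumed model rather than the Windows API itself.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the names decoded from a peer certificate. */
struct cert_names { const char *subject_cn; const char *const *san_dns; size_t san_count; };

static int host_eq(const char *a, const char *b)   /* ASCII case-insensitive */
{
  for(; *a && *b; a++, b++)
    if(tolower((unsigned char)*a) != tolower((unsigned char)*b))
      return 0;
  return *a == *b;
}

/* A leading "*." stands for exactly one non-empty left-most label. */
static int name_matches(const char *pattern, const char *host)
{
  const char *dot = strchr(host, '.');
  if(strncmp(pattern, "*.", 2) != 0)
    return host_eq(pattern, host);
  return dot && dot != host && host_eq(pattern + 1, dot);
}

/* Assumed model of a lookup that yields one name: first dNSName, else CN. */
static int verify_single_name(const struct cert_names *c, const char *host)
{
  const char *name = c->san_count ? c->san_dns[0] : c->subject_cn;
  return name && name_matches(name, host);
}

/* The fallback's idea: compare the host against every alternative name. */
static int verify_all_san(const struct cert_names *c, const char *host)
{
  for(size_t i = 0; i < c->san_count; i++)
    if(name_matches(c->san_dns[i], host))
      return 1;
  return 0;
}

/* Constructed sample: one certificate covering three hosts via SAN. */
static const char *const sample_san[] = { "example.com", "*.example.org", "api.example.net" };
static const struct cert_names sample = { "example.com", sample_san, 3 };

int main(void)
{
  const char *h = "www.example.org";
  printf("%s single=%d all=%d\n", h, verify_single_name(&sample, h), verify_all_san(&sample, h));
  return 0;
}
```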
Diffstat (limited to 'lib/vtls/gskit.h')
0 files changed, 0 insertions, 0 deletions