aboutsummaryrefslogtreecommitdiff
path: root/lib/vtls/gskit.h
diff options
context:
space:
mode:
authorFaizur Rahman <faizurahman@gmail.com>2019-12-25 18:49:48 -0500
committerJay Satiro <raysatiro@yahoo.com>2020-01-11 18:23:46 -0500
commit29e40a6d8a70630dd8eaa15beded205792342d08 (patch)
tree3219d5c4190b19efef62855d6ace3a969390ddd0 /lib/vtls/gskit.h
parentcbb5429001084df4e71ebd95dbf748c3c302c9f7 (diff)
schannel: Make CURLOPT_CAINFO work better on Windows 7
- Support hostname verification via alternative names (SAN) in the peer certificate when CURLOPT_CAINFO is used in Windows 7 and earlier. CERT_NAME_SEARCH_ALL_NAMES_FLAG doesn't exist before Windows 8. As a result CertGetNameString doesn't quite work on those versions of Windows. This change provides an alternative solution for CertGetNameString by iterating through CERT_ALT_NAME_INFO for earlier versions of Windows. Prior to this change many certificates failed the hostname validation when CURLOPT_CAINFO was used in Windows 7 and earlier. Most certificates now represent multiple hostnames and rely on the alternative names field exclusively to represent their hostnames. Reported-by: Jeroen Ooms Fixes https://github.com/curl/curl/issues/3711 Closes https://github.com/curl/curl/pull/4761
Diffstat (limited to 'lib/vtls/gskit.h')
0 files changed, 0 insertions, 0 deletions