OpenSSL: acknowledge CURLOPT_SSL_VERIFYHOST without VERIFYPEER

Setting only CURLOPT_SSL_VERIFYHOST without CURLOPT_SSL_VERIFYPEER set should still verify that the host name fields in the server certificate is fine or return failure. Bug: http://curl.haxx.se/mail/lib-2013-10/0002.html Reported-by: Ishan SinghLevett
author: Daniel Stenberg <daniel@haxx.se> 2013-10-02 15:31:10 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2013-10-02 15:40:02 +0200
commit: 3c3622b66221d89509cffaa693fc7dcd5c5b96cf (patch)
tree: 20edee7f7fa516bc929363d05e57d8a8cb8c5094 /lib
parent: a22c478ed7bb8f3ec7c6afba9aab74b7028eb551 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/ssluse.c b/lib/ssluse.c
index 4f3c1e15f..9974ac85e 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -2351,7 +2351,7 @@ ossl_connect_step3(struct connectdata *conn,
    * operations.
    */
 
-  if(!data->set.ssl.verifypeer)
+  if(!data->set.ssl.verifypeer && !data->set.ssl.verifyhost)
     (void)servercert(conn, connssl, FALSE);
   else
     retcode = servercert(conn, connssl, TRUE);
author	Daniel Stenberg <daniel@haxx.se>	2013-10-02 15:31:10 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2013-10-02 15:40:02 +0200
commit	3c3622b66221d89509cffaa693fc7dcd5c5b96cf (patch)
tree	20edee7f7fa516bc929363d05e57d8a8cb8c5094 /lib
parent	a22c478ed7bb8f3ec7c6afba9aab74b7028eb551 (diff)