diff options
author | Daniel Stenberg <daniel@haxx.se> | 2010-11-04 15:18:35 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2010-11-04 15:18:35 +0100 |
commit | b0fd03f5b8d4520dd232a9d13567d16bd0ad8951 (patch) | |
tree | 4ab8d848deec51892da2f3bcb58e9448423e5bc4 /lib | |
parent | 4b2fbe1e97891f9a861363c4bf7aa0473c94e0ab (diff) |
certcheck: use the custom Host: name for checks
If you use a custom Host: name in a request to a SSL server, libcurl
will now use that given name when it verifies the server certificate to
be correct rather than using the host name used in the actual URL.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ssluse.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/lib/ssluse.c b/lib/ssluse.c index b3a05f907..5a7294148 100644 --- a/lib/ssluse.c +++ b/lib/ssluse.c @@ -1125,16 +1125,20 @@ static CURLcode verifyhost(struct connectdata *conn, struct in_addr addr; #endif CURLcode res = CURLE_OK; + char *hostname; + + hostname = conn->allocptr.customhost?conn->allocptr.customhost: + conn->host.name; #ifdef ENABLE_IPV6 if(conn->bits.ipv6_ip && - Curl_inet_pton(AF_INET6, conn->host.name, &addr)) { + Curl_inet_pton(AF_INET6, hostname, &addr)) { target = GEN_IPADD; addrlen = sizeof(struct in6_addr); } else #endif - if(Curl_inet_pton(AF_INET, conn->host.name, &addr)) { + if(Curl_inet_pton(AF_INET, hostname, &addr)) { target = GEN_IPADD; addrlen = sizeof(struct in_addr); } @@ -1176,7 +1180,7 @@ static CURLcode verifyhost(struct connectdata *conn, if((altlen == strlen(altptr)) && /* if this isn't true, there was an embedded zero in the name string and we cannot match it. */ - cert_hostcheck(altptr, conn->host.name)) + cert_hostcheck(altptr, hostname)) matched = 1; else matched = 0; @@ -1278,7 +1282,7 @@ static CURLcode verifyhost(struct connectdata *conn, "SSL: unable to obtain common name from peer certificate"); res = CURLE_PEER_FAILED_VERIFICATION; } - else if(!cert_hostcheck((const char *)peer_CN, conn->host.name)) { + else if(!cert_hostcheck((const char *)peer_CN, hostname)) { if(data->set.ssl.verifyhost > 1) { failf(data, "SSL: certificate subject name '%s' does not match " "target host name '%s'", peer_CN, conn->host.dispname); |