aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--include/curl/curl.h5
-rw-r--r--src/main.c3
2 files changed, 8 insertions, 0 deletions
diff --git a/include/curl/curl.h b/include/curl/curl.h
index 39317312c..ae7573955 100644
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@@ -448,6 +448,11 @@ typedef enum {
*/
CINIT(HTTPGET, LONG, 80),
+ /* Set if we should verify the Common name from the peer certificate in ssl
+ * handshake, set 1 to check existence, 2 to ensure that it matches the
+ * provided hostname. */
+ CINIT(SSL_VERIFYHOST, LONG, 81),
+
CURLOPT_LASTENTRY /* the last unusued */
} CURLoption;
diff --git a/src/main.c b/src/main.c
index 3e0b3dcda..7e2ac4669 100644
--- a/src/main.c
+++ b/src/main.c
@@ -1881,7 +1881,10 @@ operate(struct Configurable *config, int argc, char *argv[])
/* available from libcurl 7.5: */
curl_easy_setopt(curl, CURLOPT_CAINFO, config->cacert);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, TRUE);
+ curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2);
}
+ else
+ curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 1);
if(config->conf&(CONF_NOBODY|CONF_USEREMOTETIME)) {
/* no body or use remote time */