diff options
-rw-r--r-- | include/curl/curl.h | 5 | ||||
-rw-r--r-- | src/main.c | 3 |
2 files changed, 8 insertions, 0 deletions
diff --git a/include/curl/curl.h b/include/curl/curl.h index 39317312c..ae7573955 100644 --- a/include/curl/curl.h +++ b/include/curl/curl.h @@ -448,6 +448,11 @@ typedef enum { */ CINIT(HTTPGET, LONG, 80), + /* Set if we should verify the Common name from the peer certificate in ssl + * handshake, set 1 to check existence, 2 to ensure that it matches the + * provided hostname. */ + CINIT(SSL_VERIFYHOST, LONG, 81), + CURLOPT_LASTENTRY /* the last unusued */ } CURLoption; diff --git a/src/main.c b/src/main.c index 3e0b3dcda..7e2ac4669 100644 --- a/src/main.c +++ b/src/main.c @@ -1881,7 +1881,10 @@ operate(struct Configurable *config, int argc, char *argv[]) /* available from libcurl 7.5: */ curl_easy_setopt(curl, CURLOPT_CAINFO, config->cacert); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, TRUE); + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2); } + else + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 1); if(config->conf&(CONF_NOBODY|CONF_USEREMOTETIME)) { /* no body or use remote time */ |