diff options
Diffstat (limited to 'lib')
-rw-r--r-- | lib/axtls.c | 28 |
1 files changed, 18 insertions, 10 deletions
diff --git a/lib/axtls.c b/lib/axtls.c index 59c8a835e..21806403b 100644 --- a/lib/axtls.c +++ b/lib/axtls.c @@ -341,22 +341,30 @@ Curl_axtls_connect(struct connectdata *conn, /* RFC2818 checks */ if(found_subject_alt_names && !found_subject_alt_name_matching_conn) { - /* Break connection ! */ - Curl_axtls_close(conn, sockindex); - free_ssl_structs(ssl_ctx, ssl); - failf(data, "\tsubjectAltName(s) do not match %s\n", conn->host.dispname); - return CURLE_PEER_FAILED_VERIFICATION; + if(data->set.ssl.verifyhost) { + /* Break connection ! */ + Curl_axtls_close(conn, sockindex); + free_ssl_structs(ssl_ctx, ssl); + failf(data, "\tsubjectAltName(s) do not match %s\n", + conn->host.dispname); + return CURLE_PEER_FAILED_VERIFICATION; + } + else + infof(data, "\tsubjectAltName(s) do not match %s\n", } else if(found_subject_alt_names == 0) { /* Per RFC2818, when no Subject Alt Names were available, examine the peer CN as a legacy fallback */ peer_CN = ssl_get_cert_dn(ssl, SSL_X509_CERT_COMMON_NAME); if(peer_CN == NULL) { - /* Similar behaviour to the OpenSSL interface */ - Curl_axtls_close(conn, sockindex); - free_ssl_structs(ssl_ctx, ssl); - failf(data, "unable to obtain common name from peer certificate"); - return CURLE_PEER_FAILED_VERIFICATION; + if(data->set.ssl.verifyhost) { + Curl_axtls_close(conn, sockindex); + free_ssl_structs(ssl_ctx, ssl); + failf(data, "unable to obtain common name from peer certificate"); + return CURLE_PEER_FAILED_VERIFICATION; + } + else + infof(data, "unable to obtain common name from peer certificate"); } else { if(!Curl_cert_hostcheck((const char *)peer_CN, conn->host.name)) { |