From b0fd03f5b8d4520dd232a9d13567d16bd0ad8951 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Thu, 4 Nov 2010 15:18:35 +0100
Subject: certcheck: use the custom Host: name for checks

If you use a custom Host: name in a request to a SSL server, libcurl will now use that given name when it verifies the server certificate to be correct rather than using the host name used in the actual URL.
---
 lib/ssluse.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
(limited to 'lib')
diff --git a/lib/ssluse.c b/lib/ssluse.c
index b3a05f907..5a7294148 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1125,16 +1125,20 @@ static CURLcode verifyhost(struct connectdata *conn,
 struct in_addr addr;
 #endif
 CURLcode res = CURLE_OK;
+ char *hostname;
+
+ hostname = conn->allocptr.customhost?conn->allocptr.customhost:
+ conn->host.name;
 #ifdef ENABLE_IPV6
 if(conn->bits.ipv6_ip &&
- Curl_inet_pton(AF_INET6, conn->host.name, &addr)) {
+ Curl_inet_pton(AF_INET6, hostname, &addr)) {
 target = GEN_IPADD;
 addrlen = sizeof(struct in6_addr);
 }
 else
 #endif
- if(Curl_inet_pton(AF_INET, conn->host.name, &addr)) {
+ if(Curl_inet_pton(AF_INET, hostname, &addr)) {
 target = GEN_IPADD;
 addrlen = sizeof(struct in_addr);
 }
@@ -1176,7 +1180,7 @@ static CURLcode verifyhost(struct connectdata *conn,
 if((altlen == strlen(altptr)) && /* if this isn't true, there was an embedded zero in the name string and we cannot match it. */
- cert_hostcheck(altptr, conn->host.name))
+ cert_hostcheck(altptr, hostname))
 matched = 1;
 else
 matched = 0;
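Review bot: Taking the name to verify from the Host: header, as the `hostname` assignment at the top of the first hunk does whenever `conn->allocptr.customhost` is set, makes a request header the input that decides which certificate identity is accepted, and nothing visible in these hunks limits or normalises that value. The same `hostname` then feeds both `Curl_inet_pton()` calls and the `cert_hostcheck()` calls in the second and third hunks, so an application that passes headers through from a less-trusted source hands that source the choice of name; a `:port` suffix, if `customhost` can carry one, would also have to be stripped where it is filled in, which is outside this diff. I would record the contract at the assignment, `/* a custom Host: header overrides the URL host as the name the certificate must match */`, and declare `const char *hostname;` since the pointer is only read here. `conn->bits.ipv6_ip` presumably still describes the URL host, so an IPv6 literal given only in the header would skip the `AF_INET6` branch. `verifyhost()` begins before the first hunk and continues past the last.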
@@ -1278,7 +1282,7 @@ static CURLcode verifyhost(struct connectdata *conn,
 "SSL: unable to obtain common name from peer certificate");
 res = CURLE_PEER_FAILED_VERIFICATION;
 }
- else if(!cert_hostcheck((const char *)peer_CN, conn->host.name)) {
+ else if(!cert_hostcheck((const char *)peer_CN, hostname)) {
 if(data->set.ssl.verifyhost > 1) {
 failf(data, "SSL: certificate subject name '%s' does not match "
 "target host name '%s'", peer_CN, conn->host.dispname);
-- cgit v1.2.3
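Review bot: The `failf()` message at the end of this hunk still prints `conn->host.dispname`, while the comparison two lines above it now uses `hostname`, so with a custom Host: header in effect the error names a host that was not the one checked. That is misleading for anyone diagnosing a verification failure from logs; the arguments should follow the comparison, `"target host name '%s'", peer_CN, hostname);`. The rest of `verifyhost()` lies outside the hunk, so any other message there that reports the checked name would need the same change.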