generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

OpenSSL: use failf() when subjectAltName mismatches

Browse Source 
Write to CURLOPT_ERRORBUFFER information about mismatch alternative
certificate subject names.

Signed-off-by: Andrej E Baranov <admin@andrej-andb.ru>
This commit is contained in:
Andrej E Baranov 2013-10-13 01:02:03 +02:00 committed by Daniel Stenberg
parent 5df04bfafd
commit 39beaa5ffb
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/ssluse.c
View File

@ -1192,6 +1192,8 @@ static CURLcode verifyhost(struct connectdata *conn,
/* an alternative name field existed, but didn't match and then /* an alternative name field existed, but didn't match and then
we MUST fail */ we MUST fail */
infof(data, "\t subjectAltName does not match %s\n", conn->host.dispname); infof(data, "\t subjectAltName does not match %s\n", conn->host.dispname);
failf(data, "SSL: alternative certificate subject names does not match "
"target host name '%s'", conn->host.dispname);
res = CURLE_PEER_FAILED_VERIFICATION; res = CURLE_PEER_FAILED_VERIFICATION;
} }
else { else {