generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

- Peter Sylvester made the HTTPS test server use specific certificates for

Browse Source 
each test, so that the test suite can now be used to actually test the
  verification of cert names etc. This made an error show up in the OpenSSL-
  specific code where it would attempt to match the CN field even if a
  subjectAltName exists that doesn't match. This is now fixed and verified
  in test 311.
This commit is contained in:
Daniel Stenberg
2009-08-11 21:48:58 +00:00
parent a9caeb1064
commit e73fe837a8
40 changed files with 1339 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/ssluse.c
View File

@@ -1137,6 +1137,12 @@ static CURLcode verifyhost(struct connectdata *conn,
if(matched)
/* an alternative name matched the server hostname */
infof(data, "\t subjectAltName: %s matched\n", conn->host.dispname);
else if(altnames) {
/* an alternative name field existed, but didn't match and then
we MUST fail */
infof(data, "\t subjectAltName does not match %s\n", conn->host.dispname);
res = CURLE_PEER_FAILED_VERIFICATION;
}
else {
/* we have to look to the last occurence of a commonName in the
distinguished one to get the most significant one. */