mirror of https://github.com/moparisthebest/curl synced 2024-08-13 17:03:50 -04:00

mbedtls: follow-up VERIFYHOST fix from f097669248

Fix-by: Eric Rosenquist

Fixes #3376
Closes #3390
Daniel Stenberg 2018-12-19 08:46:39 +01:00
parent ea2fed5d5e
commit 0b9fadf81f
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2


@ -574,25 +574,25 @@ mbed_connect_step2(struct connectdata *conn,
ret = mbedtls_ssl_get_verify_result(&BACKEND->ssl);
if(!SSL_CONN_CONFIG(verifyhost))
/* Ignore hostname errors if verifyhost is disabled */
ret &= ~MBEDTLS_X509_BADCERT_CN_MISMATCH;
if(ret && SSL_CONN_CONFIG(verifypeer)) {
if(ret & MBEDTLS_X509_BADCERT_EXPIRED)
failf(data, "Cert verify failed: BADCERT_EXPIRED");
if(ret & MBEDTLS_X509_BADCERT_REVOKED) {
else if(ret & MBEDTLS_X509_BADCERT_REVOKED)
failf(data, "Cert verify failed: BADCERT_REVOKED");
return CURLE_PEER_FAILED_VERIFICATION;
}
if(ret & MBEDTLS_X509_BADCERT_NOT_TRUSTED)
else if(ret & MBEDTLS_X509_BADCERT_CN_MISMATCH)
failf(data, "Cert verify failed: BADCERT_CN_MISMATCH");
else if(ret & MBEDTLS_X509_BADCERT_NOT_TRUSTED)
failf(data, "Cert verify failed: BADCERT_NOT_TRUSTED");
return CURLE_PEER_FAILED_VERIFICATION;
}
if(ret && SSL_CONN_CONFIG(verifyhost)) {
if(ret & MBEDTLS_X509_BADCERT_CN_MISMATCH)
failf(data, "Cert verify failed: BADCERT_CN_MISMATCH");
return CURLE_PEER_FAILED_VERIFICATION;
}
peercert = mbedtls_ssl_get_peer_cert(&BACKEND->ssl);
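Review bot: A hostname mismatch is only rejected inside the `if(ret && SSL_CONN_CONFIG(verifypeer))` branch, so with verifypeer off and verifyhost on a `MBEDTLS_X509_BADCERT_CN_MISMATCH` result appears to fall through to `mbedtls_ssl_get_peer_cert()` without an error; this assumes the separate `if(ret && SSL_CONN_CONFIG(verifyhost))` block at the end of the hunk is on the removed side, which the page no longer marks. If that combination is meant to keep enforcing the name check, the guard could read `if((ret & MBEDTLS_X509_BADCERT_CN_MISMATCH) || (ret && SSL_CONN_CONFIG(verifypeer))) {`, which is safe because the bit has already been cleared when verifyhost is disabled; otherwise a comment such as `/* hostname mismatch is only enforced together with verifypeer */` should record the decision. The `else if` chain also has no final `else`, so a verify flag other than the four listed returns `CURLE_PEER_FAILED_VERIFICATION` without any `failf()` text. mbed_connect_step2 starts before the hunk and continues after it.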