mbedtls: follow-up VERIFYHOST fix from f097669248
Fix-by: Eric Rosenquist Fixes #3376 Closes #3390
parent
ea2fed5d5e
commit
0b9fadf81f
@ -574,25 +574,25 @@ mbed_connect_step2(struct connectdata *conn,
|
||||
|
||||
ret = mbedtls_ssl_get_verify_result(&BACKEND->ssl);
|
||||
|
||||
if(!SSL_CONN_CONFIG(verifyhost))
|
||||
/* Ignore hostname errors if verifyhost is disabled */
|
||||
ret &= ~MBEDTLS_X509_BADCERT_CN_MISMATCH;
|
||||
|
||||
if(ret && SSL_CONN_CONFIG(verifypeer)) {
|
||||
if(ret & MBEDTLS_X509_BADCERT_EXPIRED)
|
||||
failf(data, "Cert verify failed: BADCERT_EXPIRED");
|
||||
|
||||
if(ret & MBEDTLS_X509_BADCERT_REVOKED) {
|
||||
else if(ret & MBEDTLS_X509_BADCERT_REVOKED)
|
||||
failf(data, "Cert verify failed: BADCERT_REVOKED");
|
||||
return CURLE_PEER_FAILED_VERIFICATION;
|
||||
}
|
||||
|
||||
if(ret & MBEDTLS_X509_BADCERT_NOT_TRUSTED)
|
||||
else if(ret & MBEDTLS_X509_BADCERT_CN_MISMATCH)
|
||||
failf(data, "Cert verify failed: BADCERT_CN_MISMATCH");
|
||||
|
||||
else if(ret & MBEDTLS_X509_BADCERT_NOT_TRUSTED)
|
||||
failf(data, "Cert verify failed: BADCERT_NOT_TRUSTED");
|
||||
|
||||
return CURLE_PEER_FAILED_VERIFICATION;
|
||||
}
|
||||
if(ret && SSL_CONN_CONFIG(verifyhost)) {
|
||||
if(ret & MBEDTLS_X509_BADCERT_CN_MISMATCH)
|
||||
failf(data, "Cert verify failed: BADCERT_CN_MISMATCH");
|
||||
return CURLE_PEER_FAILED_VERIFICATION;
|
||||
}
|
||||
|
||||
peercert = mbedtls_ssl_get_peer_cert(&BACKEND->ssl);
|
||||
|
||||
|
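Review bot: With verifypeer off and verifyhost on, a hostname mismatch appears to go unrejected here: the only failure path left is `if(ret && SSL_CONN_CONFIG(verifypeer))`, so a `MBEDTLS_X509_BADCERT_CN_MISMATCH` bit that survives the new mask is never acted on. This reads the `else if` chain as the new side and the trailing `if(ret && SSL_CONN_CONFIG(verifyhost))` block as removed, which the rendering no longer marks, so confirm it against the raw patch. If that reading holds, a separate check placed after the mask, `if(ret & MBEDTLS_X509_BADCERT_CN_MISMATCH) { failf(data, "Cert verify failed: BADCERT_CN_MISMATCH"); return CURLE_PEER_FAILED_VERIFICATION; }`, would keep host verification independent of peer verification. The chain also logs only the first matching flag and logs nothing for bits it does not list, although it still returns the error. mbed_connect_step2 begins and continues outside this hunk.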