moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2025-01-11 05:58:01 -05:00
Code Issues Releases Wiki Activity

CURLOPT_SSL_VERIFYHOST: treat the value 1 as 2

Browse Source 
For a long time (since 7.28.1) we've returned error when setting the
value to 1 to make applications notice that we stopped supported the old
behavior for 1. Starting now, we treat 1 and 2 exactly the same.

Closes #4241
This commit is contained in:
Daniel Stenberg 2019-08-20 09:13:55 +02:00
parent 862393243d
commit 6a90c9e0c4
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
3 changed files with 25 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
docs/libcurl/opts/CURLOPT_PROXY_SSL_VERIFYHOST.3
View File

@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___ .\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____| .\" * \___|\___/|_| \_\_____|
.\" * .\" *
.\" * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al. .\" * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" * .\" *
.\" * This software is licensed as described in the file COPYING, which .\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms .\" * you should have received as part of this distribution. The terms
@ -42,8 +42,15 @@ Curl considers the proxy the intended one when the Common Name field or a
Subject Alternate Name field in the certificate matches the host name in the Subject Alternate Name field in the certificate matches the host name in the
proxy string which you told curl to use. proxy string which you told curl to use.
When the \fIverify\fP value is 1L, \fIcurl_easy_setopt\fP will return an error If \fIverify\fP value is set to 1:
and the option value will not be changed due to old legacy reasons.
In 7.28.0 and earlier: treated as a debug option of some sorts, not supported
anymore due to frequently leading to programmer mistakes.
From 7.28.1 to 7.65.3: setting it to 1 made curl_easy_setopt() return an error
and leaving the flag untouched.
From 7.66.0: treats 1 and 2 the same.
When the \fIverify\fP value is 0L, the connection succeeds regardless of the When the \fIverify\fP value is 0L, the connection succeeds regardless of the
names used in the certificate. Use that ability with caution! names used in the certificate. Use that ability with caution!

16
docs/libcurl/opts/CURLOPT_SSL_VERIFYHOST.3
View File

@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___ .\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____| .\" * \___|\___/|_| \_\_____|
.\" * .\" *
.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al. .\" * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" * .\" *
.\" * This software is licensed as described in the file COPYING, which .\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms .\" * you should have received as part of this distribution. The terms
@ -45,11 +45,15 @@ Curl considers the server the intended one when the Common Name field or a
Subject Alternate Name field in the certificate matches the host name in the Subject Alternate Name field in the certificate matches the host name in the
URL to which you told Curl to connect. URL to which you told Curl to connect.
When the \fIverify\fP value is 1, \fIcurl_easy_setopt\fP will return an error If \fIverify\fP value is set to 1:
and the option value will not be changed. It was previously (in 7.28.0 and
earlier) a debug option of some sorts, but it is no longer supported due to In 7.28.0 and earlier: treated as a debug option of some sorts, not supported
frequently leading to programmer mistakes. Future versions will stop returning anymore due to frequently leading to programmer mistakes.
an error for 1 and just treat 1 and 2 the same.
From 7.28.1 to 7.65.3: setting it to 1 made curl_easy_setopt() return an error
and leaving the flag untouched.
From 7.66.0: treats 1 and 2 the same.
When the \fIverify\fP value is 0, the connection succeeds regardless of the When the \fIverify\fP value is 0, the connection succeeds regardless of the
names in the certificate. Use that ability with caution! names in the certificate. Use that ability with caution!

26
lib/setopt.c
View File

@ -1783,16 +1783,9 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
arg = va_arg(param, long); arg = va_arg(param, long);
/* Obviously people are not reading documentation and too many thought /* Obviously people are not reading documentation and too many thought
this argument took a boolean when it wasn't and misused it. We thus ban this argument took a boolean when it wasn't and misused it.
1 as a sensible input and we warn about its use. Then we only have the Treat 1 and 2 the same */
2 action internally stored as TRUE. */ data->set.ssl.primary.verifyhost = (bool)((arg & 3) ? TRUE : FALSE);
if(1 == arg) {
failf(data, "CURLOPT_SSL_VERIFYHOST no longer supports 1 as value!");
return CURLE_BAD_FUNCTION_ARGUMENT;
}
data->set.ssl.primary.verifyhost = (0 != arg) ? TRUE : FALSE;
/* Update the current connection ssl_config. */ /* Update the current connection ssl_config. */
if(data->conn) { if(data->conn) {
@ -1807,17 +1800,8 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
*/ */
arg = va_arg(param, long); arg = va_arg(param, long);
/* Obviously people are not reading documentation and too many thought /* Treat both 1 and 2 as TRUE */
this argument took a boolean when it wasn't and misused it. We thus ban data->set.proxy_ssl.primary.verifyhost = (bool)((arg & 3)?TRUE:FALSE);
1 as a sensible input and we warn about its use. Then we only have the
2 action internally stored as TRUE. */
if(1 == arg) {
failf(data, "CURLOPT_SSL_VERIFYHOST no longer supports 1 as value!");
return CURLE_BAD_FUNCTION_ARGUMENT;
}
data->set.proxy_ssl.primary.verifyhost = (0 != arg)?TRUE:FALSE;
/* Update the current connection proxy_ssl_config. */ /* Update the current connection proxy_ssl_config. */
if(data->conn) { if(data->conn) {