mirror of
https://github.com/moparisthebest/curl
synced 2024-12-21 15:48:49 -05:00
Revert: use Host: name for SNI and cert name checks
This reverts commitb0fd03f5b8
,4b2fbe1e97
,afecd1aa13
,68cde058f6
This commit is contained in:
parent
368f5a8547
commit
87374a47c9
25
lib/http.c
25
lib/http.c
@ -2254,25 +2254,26 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
|
||||
ptr = Curl_checkheaders(data, "Host:");
|
||||
if(ptr && (!data->state.this_is_a_follow ||
|
||||
Curl_raw_equal(data->state.first_host, conn->host.name))) {
|
||||
|
||||
#if !defined(CURL_DISABLE_COOKIES)
|
||||
/* If we have a given custom Host: header, we extract the host name in
|
||||
order to possibly use it for cookie reasons later on. We only allow the
|
||||
custom Host: header if this is NOT a redirect, as setting Host: in the
|
||||
redirected request is being out on thin ice. Except if the host name
|
||||
is the same as the first one! */
|
||||
char *chost = Curl_copy_header_value(ptr);
|
||||
if (!chost)
|
||||
char *cookiehost = Curl_copy_header_value(ptr);
|
||||
if (!cookiehost)
|
||||
return CURLE_OUT_OF_MEMORY;
|
||||
if (!*chost)
|
||||
if (!*cookiehost)
|
||||
/* ignore empty data */
|
||||
free(chost);
|
||||
free(cookiehost);
|
||||
else {
|
||||
char *colon = strchr(chost, ':');
|
||||
char *colon = strchr(cookiehost, ':');
|
||||
if (colon)
|
||||
*colon = 0; /* The host must not include an embedded port number */
|
||||
Curl_safefree(conn->allocptr.customhost);
|
||||
conn->allocptr.customhost = chost;
|
||||
Curl_safefree(conn->allocptr.cookiehost);
|
||||
conn->allocptr.cookiehost = cookiehost;
|
||||
}
|
||||
#endif
|
||||
|
||||
conn->allocptr.host = NULL;
|
||||
}
|
||||
@ -2596,8 +2597,8 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
|
||||
if(data->cookies) {
|
||||
Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
|
||||
co = Curl_cookie_getlist(data->cookies,
|
||||
conn->allocptr.customhost?
|
||||
conn->allocptr.customhost:host,
|
||||
conn->allocptr.cookiehost?
|
||||
conn->allocptr.cookiehost:host,
|
||||
data->state.path,
|
||||
(bool)(conn->protocol&PROT_HTTPS?TRUE:FALSE));
|
||||
Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
|
||||
@ -3688,8 +3689,8 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
|
||||
data->cookies, TRUE, k->p+11,
|
||||
/* If there is a custom-set Host: name, use it
|
||||
here, or else use real peer host name. */
|
||||
conn->allocptr.customhost?
|
||||
conn->allocptr.customhost:conn->host.name,
|
||||
conn->allocptr.cookiehost?
|
||||
conn->allocptr.cookiehost:conn->host.name,
|
||||
data->state.path);
|
||||
Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
|
||||
}
|
||||
|
22
lib/ssluse.c
22
lib/ssluse.c
@ -1125,20 +1125,16 @@ static CURLcode verifyhost(struct connectdata *conn,
|
||||
struct in_addr addr;
|
||||
#endif
|
||||
CURLcode res = CURLE_OK;
|
||||
char *hostname;
|
||||
|
||||
hostname = conn->allocptr.customhost?conn->allocptr.customhost:
|
||||
conn->host.name;
|
||||
|
||||
#ifdef ENABLE_IPV6
|
||||
if(conn->bits.ipv6_ip &&
|
||||
Curl_inet_pton(AF_INET6, hostname, &addr)) {
|
||||
Curl_inet_pton(AF_INET6, conn->host.name, &addr)) {
|
||||
target = GEN_IPADD;
|
||||
addrlen = sizeof(struct in6_addr);
|
||||
}
|
||||
else
|
||||
#endif
|
||||
if(Curl_inet_pton(AF_INET, hostname, &addr)) {
|
||||
if(Curl_inet_pton(AF_INET, conn->host.name, &addr)) {
|
||||
target = GEN_IPADD;
|
||||
addrlen = sizeof(struct in_addr);
|
||||
}
|
||||
@ -1180,7 +1176,7 @@ static CURLcode verifyhost(struct connectdata *conn,
|
||||
if((altlen == strlen(altptr)) &&
|
||||
/* if this isn't true, there was an embedded zero in the name
|
||||
string and we cannot match it. */
|
||||
cert_hostcheck(altptr, hostname))
|
||||
cert_hostcheck(altptr, conn->host.name))
|
||||
matched = 1;
|
||||
else
|
||||
matched = 0;
|
||||
@ -1282,7 +1278,7 @@ static CURLcode verifyhost(struct connectdata *conn,
|
||||
"SSL: unable to obtain common name from peer certificate");
|
||||
res = CURLE_PEER_FAILED_VERIFICATION;
|
||||
}
|
||||
else if(!cert_hostcheck((const char *)peer_CN, hostname)) {
|
||||
else if(!cert_hostcheck((const char *)peer_CN, conn->host.name)) {
|
||||
if(data->set.ssl.verifyhost > 1) {
|
||||
failf(data, "SSL: certificate subject name '%s' does not match "
|
||||
"target host name '%s'", peer_CN, conn->host.dispname);
|
||||
@ -1433,7 +1429,6 @@ ossl_connect_step1(struct connectdata *conn,
|
||||
curl_socket_t sockfd = conn->sock[sockindex];
|
||||
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
||||
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
||||
const char *hostname;
|
||||
bool sni;
|
||||
#ifdef ENABLE_IPV6
|
||||
struct in6_addr addr;
|
||||
@ -1646,15 +1641,12 @@ ossl_connect_step1(struct connectdata *conn,
|
||||
connssl->server_cert = 0x0;
|
||||
|
||||
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
||||
hostname = conn->allocptr.customhost?conn->allocptr.customhost:
|
||||
conn->host.name;
|
||||
|
||||
if ((0 == Curl_inet_pton(AF_INET, hostname, &addr)) &&
|
||||
if ((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
|
||||
#ifdef ENABLE_IPV6
|
||||
(0 == Curl_inet_pton(AF_INET6, hostname, &addr)) &&
|
||||
(0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&
|
||||
#endif
|
||||
sni &&
|
||||
!SSL_set_tlsext_host_name(connssl->handle, hostname))
|
||||
!SSL_set_tlsext_host_name(connssl->handle, conn->host.name))
|
||||
infof(data, "WARNING: failed to configure server name indication (SNI) "
|
||||
"TLS extension\n");
|
||||
#endif
|
||||
|
@ -2534,7 +2534,7 @@ static void conn_free(struct connectdata *conn)
|
||||
Curl_safefree(conn->allocptr.rangeline);
|
||||
Curl_safefree(conn->allocptr.ref);
|
||||
Curl_safefree(conn->allocptr.host);
|
||||
Curl_safefree(conn->allocptr.customhost);
|
||||
Curl_safefree(conn->allocptr.cookiehost);
|
||||
Curl_safefree(conn->allocptr.rtsp_transport);
|
||||
Curl_safefree(conn->trailer);
|
||||
Curl_safefree(conn->host.rawalloc); /* host name buffer */
|
||||
|
@ -796,7 +796,7 @@ struct connectdata {
|
||||
char *rangeline; /* free later if not NULL! */
|
||||
char *ref; /* free later if not NULL! */
|
||||
char *host; /* free later if not NULL */
|
||||
char *customhost; /* free later if not NULL */
|
||||
char *cookiehost; /* free later if not NULL */
|
||||
char *rtsp_transport; /* free later if not NULL */
|
||||
} allocptr;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user