1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-21 23:58:49 -05:00

certcheck: use the custom Host: name for checks

If you use a custom Host: name in a request to a SSL server, libcurl
will now use that given name when it verifies the server certificate to
be correct rather than using the host name used in the actual URL.
This commit is contained in:
Daniel Stenberg 2010-11-04 15:18:35 +01:00
parent 4b2fbe1e97
commit b0fd03f5b8

View File

@ -1125,16 +1125,20 @@ static CURLcode verifyhost(struct connectdata *conn,
struct in_addr addr;
#endif
CURLcode res = CURLE_OK;
char *hostname;
hostname = conn->allocptr.customhost?conn->allocptr.customhost:
conn->host.name;
#ifdef ENABLE_IPV6
if(conn->bits.ipv6_ip &&
Curl_inet_pton(AF_INET6, conn->host.name, &addr)) {
Curl_inet_pton(AF_INET6, hostname, &addr)) {
target = GEN_IPADD;
addrlen = sizeof(struct in6_addr);
}
else
#endif
if(Curl_inet_pton(AF_INET, conn->host.name, &addr)) {
if(Curl_inet_pton(AF_INET, hostname, &addr)) {
target = GEN_IPADD;
addrlen = sizeof(struct in_addr);
}
@ -1176,7 +1180,7 @@ static CURLcode verifyhost(struct connectdata *conn,
if((altlen == strlen(altptr)) &&
/* if this isn't true, there was an embedded zero in the name
string and we cannot match it. */
cert_hostcheck(altptr, conn->host.name))
cert_hostcheck(altptr, hostname))
matched = 1;
else
matched = 0;
@ -1278,7 +1282,7 @@ static CURLcode verifyhost(struct connectdata *conn,
"SSL: unable to obtain common name from peer certificate");
res = CURLE_PEER_FAILED_VERIFICATION;
}
else if(!cert_hostcheck((const char *)peer_CN, conn->host.name)) {
else if(!cert_hostcheck((const char *)peer_CN, hostname)) {
if(data->set.ssl.verifyhost > 1) {
failf(data, "SSL: certificate subject name '%s' does not match "
"target host name '%s'", peer_CN, conn->host.dispname);