Made CURLOPT_SSL_VERIFYHOST set to 1 acts as described in the documentation:

fail to connect if there is no Common Name field found in the remote cert. We should deprecate the support for this set to 1 anyway soon, since the feature is pointless and most likely never really used by anyone.
2007-07-11 22:20:46 +00:00 · 2007-07-11 22:20:46 +00:00 · d12759c73e
parent c0095d6dd9
commit d12759c73e
3 changed files with 11 additions and 11 deletions
--- a/6
+++ b/6
@ -6,6 +6,12 @@

                                  Changelog

+Daniel S (12 July 2007)
+- Made CURLOPT_SSL_VERIFYHOST set to 1 acts as described in the documentation:
+  fail to connect if there is no Common Name field found in the remote cert.
+  We should deprecate the support for this set to 1 anyway soon, since the
+  feature is pointless and most likely never really used by anyone.
+
 Daniel S (11 July 2007)
 - Shmulik Regev fixed a bug with transfer-encoding skipping during the 407
  error pages for proxy authentication.
--- a/3
+++ b/3
@ -18,6 +18,7 @@ This release includes the following bugfixes:
 o test cases 31, 46, 61, 506, 517 now work in time zones that use leap seconds
 o problem with closed proxy connection during HTTP CONNECT auth negotiation
 o transfer-encoding skipping didn't ignore the 407 response bodies properly
+ o CURLOPT_SSL_VERIFYHOST set to 1

 This release includes the following known bugs:

@ -25,7 +26,7 @@ This release includes the following known bugs:

 Other curl-related news:

- o 
+ o pycurl 7.16.4 was released http://pycurl.sf.net

 New curl mirrors:

--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@ -1131,16 +1131,9 @@ static CURLcode verifyhost(struct connectdata *conn,
 #endif /* CURL_DOES_CONVERSIONS */

    if (!peer_CN) {
-      if(data->set.ssl.verifyhost > 1) {
-        failf(data,
-              "SSL: unable to obtain common name from peer certificate");
-        return CURLE_SSL_PEER_CERTIFICATE;
-      }
-      else {
-        /* Consider verifyhost == 1 as an "OK" for a missing CN field, but we
-           output a note about the situation */
-        infof(data, "\t common name: WARNING couldn't obtain\n");
-      }
+      failf(data,
+            "SSL: unable to obtain common name from peer certificate");
+      return CURLE_SSL_PEER_CERTIFICATE;
    }
    else if(!cert_hostcheck((const char *)peer_CN, conn->host.name)) {
      if(data->set.ssl.verifyhost > 1) {