mirror of
https://github.com/moparisthebest/curl
synced 2024-12-24 09:08:49 -05:00
29e40a6d8a
- Support hostname verification via alternative names (SAN) in the peer certificate when CURLOPT_CAINFO is used in Windows 7 and earlier. CERT_NAME_SEARCH_ALL_NAMES_FLAG doesn't exist before Windows 8. As a result CertGetNameString doesn't quite work on those versions of Windows. This change provides an alternative solution for CertGetNameString by iterating through CERT_ALT_NAME_INFO for earlier versions of Windows. Prior to this change many certificates failed the hostname validation when CURLOPT_CAINFO was used in Windows 7 and earlier. Most certificates now represent multiple hostnames and rely on the alternative names field exclusively to represent their hostnames. Reported-by: Jeroen Ooms Fixes https://github.com/curl/curl/issues/3711 Closes https://github.com/curl/curl/pull/4761 |
||
---|---|---|
.. | ||
bearssl.c | ||
bearssl.h | ||
gskit.c | ||
gskit.h | ||
gtls.c | ||
gtls.h | ||
mbedtls.c | ||
mbedtls.h | ||
mesalink.c | ||
mesalink.h | ||
nss.c | ||
nssg.h | ||
openssl.c | ||
openssl.h | ||
polarssl_threadlock.c | ||
polarssl_threadlock.h | ||
polarssl.c | ||
polarssl.h | ||
schannel_verify.c | ||
schannel.c | ||
schannel.h | ||
sectransp.c | ||
sectransp.h | ||
vtls.c | ||
vtls.h | ||
wolfssl.c | ||
wolfssl.h |