1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-24 09:08:49 -05:00
curl/lib/vtls
Faizur Rahman 29e40a6d8a schannel: Make CURLOPT_CAINFO work better on Windows 7
- Support hostname verification via alternative names (SAN) in the
  peer certificate when CURLOPT_CAINFO is used in Windows 7 and earlier.

CERT_NAME_SEARCH_ALL_NAMES_FLAG doesn't exist before Windows 8. As a
result CertGetNameString doesn't quite work on those versions of
Windows. This change provides an alternative solution for
CertGetNameString by iterating through CERT_ALT_NAME_INFO for earlier
versions of Windows.

Prior to this change many certificates failed the hostname validation
when CURLOPT_CAINFO was used in Windows 7 and earlier. Most certificates
now represent multiple hostnames and rely on the alternative names field
exclusively to represent their hostnames.

Reported-by: Jeroen Ooms

Fixes https://github.com/curl/curl/issues/3711
Closes https://github.com/curl/curl/pull/4761
2020-01-11 18:23:46 -05:00
..
bearssl.c bearssl: Improve I/O handling 2019-12-31 02:43:47 -05:00
bearssl.h TLS: add BearSSL vtls implementation 2019-11-26 08:32:23 +01:00
gskit.c gskit: use the generic Curl_socketpair 2019-10-10 11:04:38 +02:00
gskit.h copyrights: fix copyright year range 2019-11-08 14:51:42 +01:00
gtls.c gtls: make gnutls_bye() not wait for response on shutdown 2019-10-31 09:10:50 +01:00
gtls.h vtls: fold the backend ID into the Curl_ssl structure 2017-08-28 14:56:58 +02:00
mbedtls.c mbedtls: add error message for cert validity starting in the future 2019-11-02 22:59:13 +01:00
mbedtls.h copyrights: fix copyright year range 2019-11-08 14:51:42 +01:00
mesalink.c vtls: fix narrowing conversion warnings 2019-09-23 09:44:35 +02:00
mesalink.h vtls: add a MesaLink vtls backend 2018-09-13 08:26:37 +02:00
nss.c build: Disable Visual Studio warning "conditional expression is constant" 2019-12-01 19:01:02 -05:00
nssg.h vtls: fold the backend ID into the Curl_ssl structure 2017-08-28 14:56:58 +02:00
openssl.c openssl: CURLSSLOPT_NO_PARTIALCHAIN can disable partial cert chains 2019-12-03 16:28:50 +01:00
openssl.h vtls: fold the backend ID into the Curl_ssl structure 2017-08-28 14:56:58 +02:00
polarssl_threadlock.c copyrights: fix copyright year range 2019-11-08 14:51:42 +01:00
polarssl_threadlock.h copyrights: fix copyright year range 2019-11-08 14:51:42 +01:00
polarssl.c vtls: fix narrowing conversion warnings 2019-09-23 09:44:35 +02:00
polarssl.h copyrights: fix copyright year range 2019-11-08 14:51:42 +01:00
schannel_verify.c schannel: Make CURLOPT_CAINFO work better on Windows 7 2020-01-11 18:23:46 -05:00
schannel.c lib: fix compiler warnings with CURL_DISABLE_VERBOSE_STRINGS 2020-01-03 17:02:30 +01:00
schannel.h schannel: use Curl_ prefix for global private symbols 2018-11-01 09:39:45 +01:00
sectransp.c vtls: Fix comment typo about macosx-version-min compiler flag 2019-09-27 01:46:49 -04:00
sectransp.h Secure Transport: no more "darwinssl" 2019-02-28 08:42:59 +01:00
vtls.c vtls: Refactor Curl_multissl_version to make the code clearer 2020-01-11 17:50:33 -05:00
vtls.h TLS: add BearSSL vtls implementation 2019-11-26 08:32:23 +01:00
wolfssl.c wolfssl: fix key pinning build error 2019-06-11 07:46:04 +02:00
wolfssl.h wolfssl: refer to it as wolfSSL only 2019-06-10 09:18:16 +02:00