mirror of
https://github.com/moparisthebest/curl
synced 2024-12-21 23:58:49 -05:00
d58ba66eec
- Switch from verifying a pinned public key in a callback during the certificate verification to inline after the certificate verification. The callback method had three problems: 1. If a pinned public key didn't match, CURLE_SSL_PINNEDPUBKEYNOTMATCH was not returned. 2. If peer certificate verification was disabled the pinned key verification did not take place as it should. 3. (related to #2) If there was no certificate of depth 0 the callback would not have checked the pinned public key. Though all those problems could have been fixed it would have made the code more complex. Instead we now verify inline after the certificate verification in mbedtls_connect_step2. Ref: http://curl.haxx.se/mail/lib-2016-01/0047.html Ref: https://github.com/bagder/curl/pull/601 |
||
---|---|---|
.. | ||
axtls.c | ||
axtls.h | ||
cyassl.c | ||
cyassl.h | ||
darwinssl.c | ||
darwinssl.h | ||
gskit.c | ||
gskit.h | ||
gtls.c | ||
gtls.h | ||
mbedtls.c | ||
mbedtls.h | ||
nss.c | ||
nssg.h | ||
openssl.c | ||
openssl.h | ||
polarssl_threadlock.c | ||
polarssl_threadlock.h | ||
polarssl.c | ||
polarssl.h | ||
schannel.c | ||
schannel.h | ||
vtls.c | ||
vtls.h |