summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2018-12-17 13:08:41 +0100
committerDaniel Stenberg <daniel@haxx.se>2018-12-17 13:08:41 +0100
commitcd770aaaffa3c6e1758600990cb620ba6b0ea7f5 (patch)
treefdc5b42dd28b273dc2ba2ad5c960a4f8207abbd4
parentd8a9de62034cff6153ab78cff3e3ae30f786ec39 (diff)
downloadcurl-bagder/mbedtls-verifyhost.tar.gz
mbedtls: use VERIFYHOSTbagder/mbedtls-verifyhost
Previously, VERIFYPEER would enable/disable all checks. Fixes #3376
Diffstat
-rw-r--r--lib/vtls/mbedtls.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index 6a20e276e..ec1c13d95 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -583,14 +583,16 @@ mbed_connect_step2(struct connectdata *conn,
return CURLE_PEER_FAILED_VERIFICATION;
}
- if(ret & MBEDTLS_X509_BADCERT_CN_MISMATCH)
- failf(data, "Cert verify failed: BADCERT_CN_MISMATCH");
-
if(ret & MBEDTLS_X509_BADCERT_NOT_TRUSTED)
failf(data, "Cert verify failed: BADCERT_NOT_TRUSTED");
return CURLE_PEER_FAILED_VERIFICATION;
}
+ if(ret && SSL_CONN_CONFIG(verifyhost)) {
+ if(ret & MBEDTLS_X509_BADCERT_CN_MISMATCH)
+ failf(data, "Cert verify failed: BADCERT_CN_MISMATCH");
+ return CURLE_PEER_FAILED_VERIFICATION;
+ }
peercert = mbedtls_ssl_get_peer_cert(&BACKEND->ssl);
View Lorry Controller Status