diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2017-01-22 18:11:55 +0100 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2017-02-21 08:33:18 +0100 |
| commit | ca6ea6d9be5102a2246dff6e17b3ee9ad4ec64d0 (patch) | |
| tree | 2e19cd1ea4d0b7b654629a0d14c04691f64de257 | |
| parent | af5fbb14bb4fd86cdc5bf2c9f1f2b3b5d8d2af66 (diff) | |
| download | curl-ca6ea6d9be5102a2246dff6e17b3ee9ad4ec64d0.tar.gz | |
TLS: make SSL_VERIFYSTATUS work again
The CURLOPT_SSL_VERIFYSTATUS option was not properly handled by libcurl
and thus even if the status couldn't be verified, the connection would
be allowed and the user would not be told about the failed verification.
Regression since cb4e2be7c6d42ca
CVE-2017-2629
Bug: https://curl.haxx.se/docs/adv_20170222.html
Reported-by: Marcus Hoffmann
| -rw-r--r-- | lib/url.c | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -4173,8 +4173,11 @@ static struct connectdata *allocate_conn(struct Curl_easy *data) conn->bits.ftp_use_epsv = data->set.ftp_use_epsv; conn->bits.ftp_use_eprt = data->set.ftp_use_eprt; + conn->ssl_config.verifystatus = data->set.ssl.primary.verifystatus; conn->ssl_config.verifypeer = data->set.ssl.primary.verifypeer; conn->ssl_config.verifyhost = data->set.ssl.primary.verifyhost; + conn->proxy_ssl_config.verifystatus = + data->set.proxy_ssl.primary.verifystatus; conn->proxy_ssl_config.verifypeer = data->set.proxy_ssl.primary.verifypeer; conn->proxy_ssl_config.verifyhost = data->set.proxy_ssl.primary.verifyhost; |