summaryrefslogtreecommitdiff
path: root/lib/Makefile.inc
diff options
context:
space:
mode:
authorOscar Koeroo <okoeroo@gmail.com>2012-11-03 02:06:51 +0100
committerDaniel Stenberg <daniel@haxx.se>2012-11-08 22:23:12 +0100
commit1394cad30fcac7eb21adb9158dfcfab10e9f53d4 (patch)
treea4c89ce32f9f5fb1da8c69e1b44ba6005d6b2a96 /lib/Makefile.inc
parent18c0e9bd71009792982dc6cf518427c13c8674a0 (diff)
downloadcurl-1394cad30fcac7eb21adb9158dfcfab10e9f53d4.tar.gz
SSL: Several SSL-backend related fixes
axTLS: This will make the axTLS backend perform the RFC2818 checks, honoring the VERIFYHOST setting similar to the OpenSSL backend. Generic for OpenSSL and axTLS: Move the hostcheck and cert_hostcheck functions from the lib/ssluse.c files to make them genericly available for both the OpenSSL, axTLS and other SSL backends. They are now in the new lib/hostcheck.c file. CyaSSL: CyaSSL now also has the RFC2818 checks enabled by default. There is a limitation that the verifyhost can not be enabled exclusively on the Subject CN field comparison. This SSL backend will thus behave like the NSS and the GnuTLS (meaning: RFC2818 ok, or bust). In other words: setting verifyhost to 0 or 1 will disable the Subject Alt Names checks too. Schannel: Updated the schannel information messages: Split the IP address usage message from the verifyhost setting and changed the message about disabling SNI (Server Name Indication, used in HTTP virtual hosting) into a message stating that the Subject Alternative Names checks are being disabled when verifyhost is set to 0 or 1. As a side effect of switching off the RFC2818 related servername checks with SCH_CRED_NO_SERVERNAME_CHECK (http://msdn.microsoft.com/en-us/library/aa923430.aspx) the SNI feature is being disabled. This effect is not documented in MSDN, but Wireshark output clearly shows the effect (details on the libcurl maillist). PolarSSL: Fix the prototype change in PolarSSL of ssl_set_session() and the move of the peer_cert from the ssl_context to the ssl_session. Found this change in the PolarSSL SVN between r1316 and r1317 where the POLARSSL_VERSION_NUMBER was at 0x01010100. But to accommodate the Ubuntu PolarSSL version 1.1.4 the check is to discriminate between lower then PolarSSL version 1.2.0 and 1.2.0 and higher. Note: The PolarSSL SVN trunk jumped from version 1.1.1 to 1.2.0. Generic: All the SSL backends are fixed and checked to work with the ssl.verifyhost as a boolean, which is an internal API change.
Diffstat (limited to 'lib/Makefile.inc')
-rw-r--r--lib/Makefile.inc5
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/Makefile.inc b/lib/Makefile.inc
index e0044ec65..fcb8c28ec 100644
--- a/lib/Makefile.inc
+++ b/lib/Makefile.inc
@@ -24,7 +24,7 @@ CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c \
idn_win32.c http_negotiate_sspi.c cyassl.c http_proxy.c non-ascii.c \
asyn-ares.c asyn-thread.c curl_gssapi.c curl_ntlm.c curl_ntlm_wb.c \
curl_ntlm_core.c curl_ntlm_msgs.c curl_sasl.c curl_schannel.c \
- curl_multibyte.c curl_darwinssl.c
+ curl_multibyte.c curl_darwinssl.c hostcheck.c
HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h \
progress.h formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h \
@@ -41,4 +41,5 @@ HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h \
warnless.h curl_hmac.h polarssl.h curl_rtmp.h curl_gethostname.h \
gopher.h axtls.h cyassl.h http_proxy.h non-ascii.h asyn.h curl_ntlm.h \
curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h curl_ntlm_msgs.h \
- curl_sasl.h curl_schannel.h curl_multibyte.h curl_darwinssl.h
+ curl_sasl.h curl_schannel.h curl_multibyte.h curl_darwinssl.h \
+ hostcheck.h