Made CURLOPT_SSL_VERIFYHOST set to 1 acts as described in the documentation:

fail to connect if there is no Common Name field found in the remote cert. We should deprecate the support for this set to 1 anyway soon, since the feature is pointless and most likely never really used by anyone.
author: Daniel Stenberg <daniel@haxx.se> 2007-07-11 22:20:46 +0000
committer: Daniel Stenberg <daniel@haxx.se> 2007-07-11 22:20:46 +0000
commit: d12759c73e34e432c5e2d438d6d34668b9c98a0e (patch)
tree: 6c1cb8e3e43a243be59b1dd776e92c1b7e9d1a73 /lib/ssluse.c
parent: c0095d6dd904c6ad82fe834cbef790ca4d231944 (diff)
download: curl-d12759c73e34e432c5e2d438d6d34668b9c98a0e.tar.gz
1 files changed, 3 insertions, 10 deletions
diff --git a/lib/ssluse.c b/lib/ssluse.c
index 19412877c..97e244896 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1131,16 +1131,9 @@ static CURLcode verifyhost(struct connectdata *conn,
 #endif /* CURL_DOES_CONVERSIONS */
 
     if (!peer_CN) {
-      if(data->set.ssl.verifyhost > 1) {
-        failf(data,
-              "SSL: unable to obtain common name from peer certificate");
-        return CURLE_SSL_PEER_CERTIFICATE;
-      }
-      else {
-        /* Consider verifyhost == 1 as an "OK" for a missing CN field, but we
-           output a note about the situation */
-        infof(data, "\t common name: WARNING couldn't obtain\n");
-      }
+      failf(data,
+            "SSL: unable to obtain common name from peer certificate");
+      return CURLE_SSL_PEER_CERTIFICATE;
     }
     else if(!cert_hostcheck((const char *)peer_CN, conn->host.name)) {
       if(data->set.ssl.verifyhost > 1) {
author	Daniel Stenberg <daniel@haxx.se>	2007-07-11 22:20:46 +0000
committer	Daniel Stenberg <daniel@haxx.se>	2007-07-11 22:20:46 +0000
commit	d12759c73e34e432c5e2d438d6d34668b9c98a0e (patch)
tree	6c1cb8e3e43a243be59b1dd776e92c1b7e9d1a73 /lib/ssluse.c
parent	c0095d6dd904c6ad82fe834cbef790ca4d231944 (diff)
download	curl-d12759c73e34e432c5e2d438d6d34668b9c98a0e.tar.gz