From d12759c73e34e432c5e2d438d6d34668b9c98a0e Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 11 Jul 2007 22:20:46 +0000 Subject: Made CURLOPT_SSL_VERIFYHOST set to 1 acts as described in the documentation: fail to connect if there is no Common Name field found in the remote cert. We should deprecate the support for this set to 1 anyway soon, since the feature is pointless and most likely never really used by anyone. --- lib/ssluse.c | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) (limited to 'lib/ssluse.c') diff --git a/lib/ssluse.c b/lib/ssluse.c index 19412877c..97e244896 100644 --- a/lib/ssluse.c +++ b/lib/ssluse.c @@ -1131,16 +1131,9 @@ static CURLcode verifyhost(struct connectdata *conn, #endif /* CURL_DOES_CONVERSIONS */ if (!peer_CN) { - if(data->set.ssl.verifyhost > 1) { - failf(data, - "SSL: unable to obtain common name from peer certificate"); - return CURLE_SSL_PEER_CERTIFICATE; - } - else { - /* Consider verifyhost == 1 as an "OK" for a missing CN field, but we - output a note about the situation */ - infof(data, "\t common name: WARNING couldn't obtain\n"); - } + failf(data, + "SSL: unable to obtain common name from peer certificate"); + return CURLE_SSL_PEER_CERTIFICATE; } else if(!cert_hostcheck((const char *)peer_CN, conn->host.name)) { if(data->set.ssl.verifyhost > 1) { -- cgit v1.2.1