]> git.ipfire.org Git - thirdparty/curl.git/commit
projects / thirdparty / curl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5db3139) | patch
mbedtls/polarssl: set "hostname" unconditionally
authorDaniel Stenberg <daniel@haxx.se>
Sun, 24 Apr 2016 15:52:18 +0000 (17:52 +0200)
committerDaniel Stenberg <daniel@haxx.se>
Tue, 17 May 2016 12:48:17 +0000 (14:48 +0200)
commit6efd2fa529a189bf41736a610f6184cd8ad94b4d
tree2172e87706b045a5e8d9ea412c6bce9b2b33f86atree
parent5db313985e502e82a3eed03396ee600b726d60c2commit | diff
mbedtls/polarssl: set "hostname" unconditionally

...as otherwise the TLS libs will skip the CN/SAN check and just allow
connection to any server. curl previously skipped this function when SNI
wasn't used or when connecting to an IP address specified host.

CVE-2016-3739

Bug: https://curl.haxx.se/docs/adv_20160518A.html
Reported-by: Moti Avrahami
lib/vtls/mbedtls.c diff | blob | blame | history
lib/vtls/polarssl.c diff | blob | blame | history
Mirror of https://github.com/curl/curl.git