- OpenSSL 3.0.0 (2021-09-07)
- LibreSSL 2.9.1 (2019-04-22)
- - GnuTLS 3.1.10 (2013-03-22)
+ - GnuTLS 3.6.5 (2018-12-01)
- mbedTLS 3.2.0 (2022-07-11)
- zlib 1.2.5.2 (2011-12-11)
- libssh2 1.9.0 (2019-06-20)
}
#endif
-#if !defined(GNUTLS_VERSION_NUMBER) || (GNUTLS_VERSION_NUMBER < 0x03010a)
+#if !defined(GNUTLS_VERSION_NUMBER) || (GNUTLS_VERSION_NUMBER < 0x030605)
#error "too old GnuTLS version"
#endif
return CURL_IETF_PROTO_TLS1_1;
case GNUTLS_TLS1_2:
return CURL_IETF_PROTO_TLS1_2;
-#if GNUTLS_VERSION_NUMBER >= 0x030603
case GNUTLS_TLS1_3:
return CURL_IETF_PROTO_TLS1_3;
-#endif
default:
return CURL_IETF_PROTO_UNKNOWN;
}
rc = (int)gnutls_x509_crt_check_hostname(x509_cert,
peer->sni ? peer->sni :
peer->hostname);
-#if GNUTLS_VERSION_NUMBER < 0x030306
- /* Before 3.3.6, gnutls_x509_crt_check_hostname() did not check IP
- addresses. */
- if(!rc) {
-#ifdef USE_IPV6
- #define use_addr in6_addr
-#else
- #define use_addr in_addr
-#endif
- unsigned char addrbuf[sizeof(struct use_addr)];
- size_t addrlen = 0;
-
- if(curlx_inet_pton(AF_INET, peer->hostname, addrbuf) > 0)
- addrlen = 4;
-#ifdef USE_IPV6
- else if(curlx_inet_pton(AF_INET6, peer->hostname, addrbuf) > 0)
- addrlen = 16;
-#endif
-
- if(addrlen) {
- unsigned char certaddr[sizeof(struct use_addr)];
- int i;
-
- for(i = 0; ; i++) {
- size_t certaddrlen = sizeof(certaddr);
- int ret = gnutls_x509_crt_get_subject_alt_name(x509_cert, i, certaddr,
- &certaddrlen, NULL);
- /* If this happens, it was not an IP address. */
- if(ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
- continue;
- if(ret < 0)
- break;
- if(ret != GNUTLS_SAN_IPADDRESS)
- continue;
- if(certaddrlen == addrlen && !memcmp(addrbuf, certaddr, addrlen)) {
- rc = 1;
- break;
- }
- }
- }
- }
-#endif
-
result = (!rc && config->verifyhost) ?
- CURLE_PEER_FAILED_VERIFICATION : CURLE_OK;
+ CURLE_PEER_FAILED_VERIFICATION : CURLE_OK;
gtls_msg_verify_result(data, peer, x509_cert, rc, config->verifyhost);
if(result)
goto out;
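Review bot: With the fallback block removed, nothing at the `gnutls_x509_crt_check_hostname()` call records that IP-literal hosts are now verified by that library call alone. The deleted comment was the only place stating that the function checks IP addresses from 3.3.6 on. I would add a one-line comment above the call, for example `/* gnutls_x509_crt_check_hostname() also matches IP address SANs (GnuTLS >= 3.3.6) */`, so a later reader does not assume IP hosts bypass verification. If no test already covers it, a case connecting to an IP-literal host with a certificate that carries a matching and a non-matching iPAddress SAN would pin this behaviour. The enclosing function starts and ends outside the hunk.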