From: Daniel Stenberg Date: Thu, 4 Nov 2010 14:18:35 +0000 (+0100) Subject: certcheck: use the custom Host: name for checks X-Git-Tag: curl-7_21_3~105 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b0fd03f5b8d4520dd232a9d13567d16bd0ad8951;p=thirdparty%2Fcurl.git certcheck: use the custom Host: name for checks If you use a custom Host: name in a request to a SSL server, libcurl will now use that given name when it verifies the server certificate to be correct rather than using the host name used in the actual URL. --- diff --git a/lib/ssluse.c b/lib/ssluse.c index b3a05f9079..5a7294148a 100644 --- a/lib/ssluse.c +++ b/lib/ssluse.c @@ -1125,16 +1125,20 @@ static CURLcode verifyhost(struct connectdata *conn, struct in_addr addr; #endif CURLcode res = CURLE_OK; + char *hostname; + + hostname = conn->allocptr.customhost?conn->allocptr.customhost: + conn->host.name; #ifdef ENABLE_IPV6 if(conn->bits.ipv6_ip && - Curl_inet_pton(AF_INET6, conn->host.name, &addr)) { + Curl_inet_pton(AF_INET6, hostname, &addr)) { target = GEN_IPADD; addrlen = sizeof(struct in6_addr); } else #endif - if(Curl_inet_pton(AF_INET, conn->host.name, &addr)) { + if(Curl_inet_pton(AF_INET, hostname, &addr)) { target = GEN_IPADD; addrlen = sizeof(struct in_addr); } @@ -1176,7 +1180,7 @@ static CURLcode verifyhost(struct connectdata *conn, if((altlen == strlen(altptr)) && /* if this isn't true, there was an embedded zero in the name string and we cannot match it. */ - cert_hostcheck(altptr, conn->host.name)) + cert_hostcheck(altptr, hostname)) matched = 1; else matched = 0; @@ -1278,7 +1282,7 @@ static CURLcode verifyhost(struct connectdata *conn, "SSL: unable to obtain common name from peer certificate"); res = CURLE_PEER_FAILED_VERIFICATION; } - else if(!cert_hostcheck((const char *)peer_CN, conn->host.name)) { + else if(!cert_hostcheck((const char *)peer_CN, hostname)) { if(data->set.ssl.verifyhost > 1) { failf(data, "SSL: certificate subject name '%s' does not match " "target host name '%s'", peer_CN, conn->host.dispname);