schannel: Make CURLOPT_CAINFO work better on Windows 7
author Faizur Rahman <faizurahman@gmail.com>
Wed, 25 Dec 2019 23:49:48 +0000 (18:49 -0500)
committer Jay Satiro <raysatiro@yahoo.com>
Sat, 11 Jan 2020 23:23:46 +0000 (18:23 -0500)
commit 29e40a6d8a70630dd8eaa15beded205792342d08
tree 3219d5c4190b19efef62855d6ace3a969390ddd0
parent cbb5429001084df4e71ebd95dbf748c3c302c9f7
schannel: Make CURLOPT_CAINFO work better on Windows 7

- Support hostname verification via alternative names (SAN) in the
  peer certificate when CURLOPT_CAINFO is used in Windows 7 and earlier.

CERT_NAME_SEARCH_ALL_NAMES_FLAG doesn't exist before Windows 8. As a
result CertGetNameString doesn't quite work on those versions of
Windows. This change provides an alternative solution for
CertGetNameString by iterating through CERT_ALT_NAME_INFO for earlier
versions of Windows.

Prior to this change many certificates failed the hostname validation
when CURLOPT_CAINFO was used in Windows 7 and earlier. Most certificates
now represent multiple hostnames and rely on the alternative names field
exclusively to represent their hostnames.

Reported-by: Jeroen Ooms
Fixes https://github.com/curl/curl/issues/3711
Closes https://github.com/curl/curl/pull/4761
lib/vtls/schannel_verify.c
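
The commit message describes checking the hostname against every alternative-name entry instead of relying on CertGetNameString. The portable C example below is added here to illustrate that loop; it is not curl's code and not part of this commit, and the struct names, the sample names and the simplified wildcard matcher are assumptions standing in for CERT_ALT_NAME_INFO and curl's own host check.

```c
#include <ctype.h>
#include <string.h>

/* Simplified stand-ins for the shape of CERT_ALT_NAME_INFO and its entries
   (assumption: the real structures hold wide strings in a union). */
enum alt_choice { ALT_RFC822, ALT_DNS, ALT_IP };
struct alt_entry { enum alt_choice choice; const char *name; };
struct alt_info { size_t count; const struct alt_entry *entries; };

/* Constructed sample: alternative names of a hypothetical certificate. */
static const struct alt_entry sample_entries[] = {
  { ALT_RFC822, "admin@example.com" },
  { ALT_DNS, "www.example.com" },
  { ALT_DNS, "*.cdn.example.net" }
};
const struct alt_info sample_info = { 3, sample_entries };

/* ASCII case-insensitive string equality. */
static int ieq(const char *a, const char *b)
{
  for(; *a && *b; a++, b++)
    if(tolower((unsigned char)*a) != tolower((unsigned char)*b))
      return 0;
  return *a == *b;
}

/* Simplified matcher (not curl's): exact match, or "*.rest" where the
   wildcard covers exactly one non-empty left-most label. */
static int name_matches(const char *pattern, const char *host)
{
  const char *dot = strchr(host, '.');
  return ieq(pattern, host) || (!strncmp(pattern, "*.", 2) && dot &&
                                dot != host && ieq(pattern + 1, dot));
}

/* Returns 1 if any dNSName entry matches host; other name types are skipped. */
int san_matches_host(const struct alt_info *info, const char *host)
{
  size_t i;
  if(!info || !host || !*host) return 0;
  for(i = 0; i < info->count; i++) {
    const struct alt_entry *e = &info->entries[i];
    if(e->choice == ALT_DNS && e->name && name_matches(e->name, host))
      return 1;
  }
  return 0;
}

int main(void) { return !san_matches_host(&sample_info, "img.cdn.example.net"); }
```

Filtering on the entry type matters: the e-mail entry in the sample is never compared against the hostname, and a wildcard entry does not match its own parent domain or a name two labels deep.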