Revert: use Host: name for SNI and cert name checks
authorDaniel Stenberg <daniel@haxx.se>
Fri, 5 Nov 2010 09:24:22 +0000 (10:24 +0100)
committerDaniel Stenberg <daniel@haxx.se>
Fri, 5 Nov 2010 09:25:58 +0000 (10:25 +0100)
This reverts commit b0fd03f5b8d4520dd232a9d13567d16bd0ad8951,
4b2fbe1e97891fafecd1aa13b4f68cde058f66b3

lib/http.c
lib/ssluse.c
lib/url.c
lib/urldata.h

index 0804ce050cc0adac9b8779f42c720394148e8cc7..ed0730c0a1d8168ec19e72956bea19383c060d71 100644 (file)
@@ -2254,25 +2254,26 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
   ptr = Curl_checkheaders(data, "Host:");
   if(ptr && (!data->state.this_is_a_follow ||
              Curl_raw_equal(data->state.first_host, conn->host.name))) {
-
+#if !defined(CURL_DISABLE_COOKIES)
     /* If we have a given custom Host: header, we extract the host name in
        order to possibly use it for cookie reasons later on. We only allow the
        custom Host: header if this is NOT a redirect, as setting Host: in the
        redirected request is being out on thin ice. Except if the host name
        is the same as the first one! */
-    char *chost = Curl_copy_header_value(ptr);
-    if (!chost)
+    char *cookiehost = Curl_copy_header_value(ptr);
+    if (!cookiehost)
       return CURLE_OUT_OF_MEMORY;
-    if (!*chost)
+    if (!*cookiehost)
       /* ignore empty data */
-      free(chost);
+      free(cookiehost);
     else {
-      char *colon = strchr(chost, ':');
+      char *colon = strchr(cookiehost, ':');
       if (colon)
         *colon = 0; /* The host must not include an embedded port number */
-      Curl_safefree(conn->allocptr.customhost);
-      conn->allocptr.customhost = chost;
+      Curl_safefree(conn->allocptr.cookiehost);
+      conn->allocptr.cookiehost = cookiehost;
     }
+#endif
 
     conn->allocptr.host = NULL;
   }
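Review bot: The port stripping at `char *colon = strchr(cookiehost, ':');` cuts the string at the first colon, so a bracketed IPv6 literal in a custom Host: header (a constructed example: `[::1]:8080`) is reduced to `[`, and cookies would then be looked up and stored under that fragment. Searching for the port separator only after a closing bracket avoids this: `char *end = (*cookiehost == '[') ? strchr(cookiehost, ']') : NULL;` followed by `char *colon = strchr(end ? end : cookiehost, ':');`. Whether the cookie code expects the brackets to be kept or removed is not visible here and should be checked against Curl_cookie_getlist and Curl_cookie_add. Curl_http starts and ends outside this hunk.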
@@ -2596,8 +2597,8 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
     if(data->cookies) {
       Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
       co = Curl_cookie_getlist(data->cookies,
-                               conn->allocptr.customhost?
-                               conn->allocptr.customhost:host,
+                               conn->allocptr.cookiehost?
+                               conn->allocptr.cookiehost:host,
                                data->state.path,
                                (bool)(conn->protocol&PROT_HTTPS?TRUE:FALSE));
       Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
@@ -3688,8 +3689,8 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
                       data->cookies, TRUE, k->p+11,
                       /* If there is a custom-set Host: name, use it
                          here, or else use real peer host name. */
-                      conn->allocptr.customhost?
-                      conn->allocptr.customhost:conn->host.name,
+                      conn->allocptr.cookiehost?
+                      conn->allocptr.cookiehost:conn->host.name,
                       data->state.path);
       Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
     }
index 5a7294148a058be5266096f2f6077fa6c0b458ff..474bc9a332bbf6900ca3055116ebb1932208c048 100644 (file)
@@ -1125,20 +1125,16 @@ static CURLcode verifyhost(struct connectdata *conn,
   struct in_addr addr;
 #endif
   CURLcode res = CURLE_OK;
-  char *hostname;
-
-  hostname = conn->allocptr.customhost?conn->allocptr.customhost:
-    conn->host.name;
 
 #ifdef ENABLE_IPV6
   if(conn->bits.ipv6_ip &&
-     Curl_inet_pton(AF_INET6, hostname, &addr)) {
+     Curl_inet_pton(AF_INET6, conn->host.name, &addr)) {
     target = GEN_IPADD;
     addrlen = sizeof(struct in6_addr);
   }
   else
 #endif
-    if(Curl_inet_pton(AF_INET, hostname, &addr)) {
+    if(Curl_inet_pton(AF_INET, conn->host.name, &addr)) {
       target = GEN_IPADD;
       addrlen = sizeof(struct in_addr);
     }
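Review bot: verifyhost() carries no comment saying which name the peer certificate is matched against, yet that choice is exactly what this revert changes back. With the `hostname` local removed, the `Curl_inet_pton()` calls in this hunk and the `cert_hostcheck()` calls in the two following hunks of the same function all read `conn->host.name` directly. A short comment near the declarations, for example `/* the certificate is always checked against the name we connected to (conn->host.name), never against a custom Host: header */`, would make the intent explicit and make a later reintroduction of a header-derived name stand out in review. The function begins and ends outside this hunk.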
@@ -1180,7 +1176,7 @@ static CURLcode verifyhost(struct connectdata *conn,
           if((altlen == strlen(altptr)) &&
              /* if this isn't true, there was an embedded zero in the name
                 string and we cannot match it. */
-             cert_hostcheck(altptr, hostname))
+             cert_hostcheck(altptr, conn->host.name))
             matched = 1;
           else
             matched = 0;
@@ -1282,7 +1278,7 @@ static CURLcode verifyhost(struct connectdata *conn,
             "SSL: unable to obtain common name from peer certificate");
       res = CURLE_PEER_FAILED_VERIFICATION;
     }
-    else if(!cert_hostcheck((const char *)peer_CN, hostname)) {
+    else if(!cert_hostcheck((const char *)peer_CN, conn->host.name)) {
       if(data->set.ssl.verifyhost > 1) {
         failf(data, "SSL: certificate subject name '%s' does not match "
               "target host name '%s'", peer_CN, conn->host.dispname);
@@ -1433,7 +1429,6 @@ ossl_connect_step1(struct connectdata *conn,
   curl_socket_t sockfd = conn->sock[sockindex];
   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
-  const char *hostname;
   bool sni;
 #ifdef ENABLE_IPV6
   struct in6_addr addr;
@@ -1646,15 +1641,12 @@ ossl_connect_step1(struct connectdata *conn,
   connssl->server_cert = 0x0;
 
 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
-  hostname = conn->allocptr.customhost?conn->allocptr.customhost:
-    conn->host.name;
-
-  if ((0 == Curl_inet_pton(AF_INET, hostname, &addr)) &&
+  if ((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
 #ifdef ENABLE_IPV6
-      (0 == Curl_inet_pton(AF_INET6, hostname, &addr)) &&
+      (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&
 #endif
       sni &&
-      !SSL_set_tlsext_host_name(connssl->handle, hostname))
+      !SSL_set_tlsext_host_name(connssl->handle, conn->host.name))
     infof(data, "WARNING: failed to configure server name indication (SNI) "
           "TLS extension\n");
 #endif
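Review bot: The condition guarding `SSL_set_tlsext_host_name()` is undocumented, and the two `Curl_inet_pton()` tests are easy to misread as validation rather than as an IP-literal filter. They exist because the TLS server_name extension carries DNS host names only, so a comment such as `/* SNI takes a DNS name, never an IPv4/IPv6 literal */` above the `if` would help. It would also be worth noting there that the name sent in SNI and the name later checked in verifyhost() are meant to be the same `conn->host.name`, which is what this hunk and the verifyhost() hunks now do. ossl_connect_step1's body continues outside the hunk.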
index ef02b4f31f810e46935c393c157b0df575105923..b715e998fc1434eaa3807da0759e46e115887fd4 100644 (file)
--- a/lib/url.c
+++ b/lib/url.c
@@ -2534,7 +2534,7 @@ static void conn_free(struct connectdata *conn)
   Curl_safefree(conn->allocptr.rangeline);
   Curl_safefree(conn->allocptr.ref);
   Curl_safefree(conn->allocptr.host);
-  Curl_safefree(conn->allocptr.customhost);
+  Curl_safefree(conn->allocptr.cookiehost);
   Curl_safefree(conn->allocptr.rtsp_transport);
   Curl_safefree(conn->trailer);
   Curl_safefree(conn->host.rawalloc); /* host name buffer */
index 7b63b496b3552fb5132f852118c5e965c5e9350a..4d6059152adc0e59817a8d5ce85491f93d450cb5 100644 (file)
@@ -796,7 +796,7 @@ struct connectdata {
     char *rangeline; /* free later if not NULL! */
     char *ref; /* free later if not NULL! */
     char *host; /* free later if not NULL */
-    char *customhost; /* free later if not NULL */
+    char *cookiehost; /* free later if not NULL */
     char *rtsp_transport; /* free later if not NULL */
   } allocptr;