author | Jeremy Harris <jgh146exb@wizmail.org> | 2014-11-06 21:22:18 +0000 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2014-11-06 21:22:18 +0000 |
commit | a320fabd09f43c02c869c90a5a5a70a49dd77f89 (patch) | |
tree | 341ccb129d815e0c2daa6c0b8531fc0d4756eb7d /src | |
parent | 09c17790eec23907b93df1ec7cee746b28dfc836 (diff) |
EXPERIMENTAL_CERTNAMES: Hostlist for cert name checks should match host
connected-to, not be list of acceptable names. The name checked is the
host name.
Diffstat (limited to 'src')
-rw-r--r-- | src/src/tls-gnu.c | 10 | ||||
-rw-r--r-- | src/src/tls-openssl.c | 10 |
2 files changed, 6 insertions, 14 deletions
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 04de02d74..093b3a375 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -1846,17 +1846,13 @@ if (( state->exp_tls_verify_certificates
 )
 {
 #ifdef EXPERIMENTAL_CERTNAMES
- if (ob->tls_verify_cert_hostnames)
+ if (verify_check_host(&ob->tls_verify_cert_hostnames) == OK)
 {
 DEBUG(D_tls)
 debug_printf("TLS: server cert incl. hostname verification required.\n");
 state->verify_requirement = VERIFY_WITHHOST;
- if (!expand_check(ob->tls_verify_cert_hostnames,
- US"tls_verify_cert_hostnames",
- &state->exp_tls_verify_cert_hostnames))
- return FAIL;
- if (state->exp_tls_verify_cert_hostnames)
- DEBUG(D_tls) debug_printf("Cert hostname to check: \"%s\"\n",
+ state->exp_tls_verify_cert_hostnames = host->name;
+ DEBUG(D_tls) debug_printf("Cert hostname to check: \"%s\"\n",
 state->exp_tls_verify_cert_hostnames);
 }
 else
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 63bf83b1d..628860044 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1692,14 +1692,10 @@ if ((!ob->tls_verify_hosts && !ob->tls_try_verify_hosts) ||
 client_verify_optional = FALSE;
 #ifdef EXPERIMENTAL_CERTNAMES
- if (ob->tls_verify_cert_hostnames)
+ if (verify_check_host(&ob->tls_verify_cert_hostnames) == OK)
 {
- if (!expand_check(ob->tls_verify_cert_hostnames,
- US"tls_verify_cert_hostnames",
- &cbinfo->verify_cert_hostnames))
- return FAIL;
- if (cbinfo->verify_cert_hostnames)
- DEBUG(D_tls) debug_printf("Cert hostname to check: \"%s\"\n",
+ cbinfo->verify_cert_hostnames = host->name;
+ DEBUG(D_tls) debug_printf("Cert hostname to check: \"%s\"\n",
 cbinfo->verify_cert_hostnames);
 }
 #endif |
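Review bot: In the tls-gnu.c hunk, `verify_check_host(&ob->tls_verify_cert_hostnames) == OK` folds every non-OK result into "host not listed", so if the list match can defer (for instance a lookup inside the hostlist failing temporarily) the certificate-name check is skipped and control reaches the `else` branch instead of failing closed. Consider keeping the result and bailing out on anything that is neither a match nor a clean non-match, e.g. `int rc = verify_check_host(&ob->tls_verify_cert_hostnames);` followed by `if (rc != OK && rc != FAIL) return rc;`. The tls-openssl.c hunk has the same test, where a non-OK result simply leaves `cbinfo->verify_cert_hostnames` unset. The enclosing `if` and the body of the `else` lie outside the hunk, so the weaker requirement on that path is inferred.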
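Review bot: In the tls-openssl.c hunk, `cbinfo->verify_cert_hostnames = host->name;` now stores a borrowed pointer to one name in a field that used to hold an expanded string, and the NULL guard that preceded the debug print was dropped along with `expand_check`. A comment at the assignment would record the new contract, for example `/* single name to match: the host we connected to; borrowed from host, not expanded */`, and if `host->name` can ever be NULL at this point the `%s` print needs its guard back. It is also worth documenting for the option that the name verified is whatever routing produced: if that name came from an unauthenticated DNS answer, a matching certificate authenticates that name rather than the recipient domain. The same assignment is made to `state->exp_tls_verify_cert_hostnames` in the tls-gnu.c hunk.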