UTF8: Cert namechecks always use a-label

author: Jeremy Harris <jgh146exb@wizmail.org> 2015-04-22 20:26:56 +0100
committer: Jeremy Harris <jgh146exb@wizmail.org> 2015-04-22 20:26:56 +0100
commit: 4af0d74a886c7fbd4e3eec1743f4b1d2d8a4d457 (patch)
tree: d75ac093b26c1021a36b67e19f5dffbbedd80578 /src
parent: 9479146eba39483724dc791ad814efe829def406 (diff)
2 files changed, 12 insertions, 2 deletions
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 6162cfa9e..6db7e4a8c 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -1785,7 +1785,12 @@ tls_client_setup_hostname_checks(host_item * host, exim_gnutls_state_st * state,
 {
 if (verify_check_given_host(&ob->tls_verify_cert_hostnames, host) == OK)
   {
-  state->exp_tls_verify_cert_hostnames = host->name;
+  state->exp_tls_verify_cert_hostnames =
+#ifdef EXPERIMENTAL_INTERNATIONAL
+    string_domain_utf8_to_alabel(host->name, NULL);
+#else
+    host->name;
+#endif
   DEBUG(D_tls)
     debug_printf("TLS: server cert verification includes hostname: \"%s\".\n",
 		    state->exp_tls_verify_cert_hostnames);
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 65d608925..530266d36 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1725,7 +1725,12 @@ if ((rc = setup_certs(ctx, ob->tls_verify_certificates,
 
 if (verify_check_given_host(&ob->tls_verify_cert_hostnames, host) == OK)
   {
-  cbinfo->verify_cert_hostnames = host->name;
+  cbinfo->verify_cert_hostnames =
+#ifdef EXPERIMENTAL_INTERNATIONAL
+    string_domain_utf8_to_alabel(host->name, NULL);
+#else
+    host->name;
+#endif
   DEBUG(D_tls) debug_printf("Cert hostname to check: \"%s\"\n",
 		    cbinfo->verify_cert_hostnames);
   }
author	Jeremy Harris <jgh146exb@wizmail.org>	2015-04-22 20:26:56 +0100
committer	Jeremy Harris <jgh146exb@wizmail.org>	2015-04-22 20:26:56 +0100
commit	4af0d74a886c7fbd4e3eec1743f4b1d2d8a4d457 (patch)
tree	d75ac093b26c1021a36b67e19f5dffbbedd80578 /src
parent	9479146eba39483724dc791ad814efe829def406 (diff)