
Curl TLS verification omits hostname

From: Timothe Litt <litt_at_acm.org>
Date: Wed, 17 Jun 2020 10:45:34 -0400

cURL does not appear to be verifying that the hostname (subject/SAN) in
a server certificate matches the requested host.  It should.

In the following, the host is misconfigured (and may be fixed by the
time you see this).

www.southboroughtown.com is a CNAME for
civiccms01live.enterprise-g1.acquia-sites.com.

The certificate subjects are: DNS:*.enterprise-g1.acquia-sites.com,
DNS:enterprise-g1.acquia-sites.com

Fetching https://www.southboroughtown.com has these results:

A browser correctly reports "common_name_invalid", curl does not. E.g.
Chrome:

    This server could not prove that it is www.southboroughtown.com;
    its security certificate is from *.enterprise-g1.acquia-sites.com.

Looking at verbose output: cURL is verifying that the certificate has a
trust chain to the root, but is not matching the requested hostname to
the certificate.  It might be comparing the CNAME target to the
certificate.

In any case, some Subject/SAN in the certificate must match the host
name on the command line (Specifically in the Host: header).  Not doing
the match correctly is a host impersonation (security) issue...

Supporting detail:

 curl --version
curl 7.70.0 (i686-pc-linux-gnu) libcurl/7.70.0 OpenSSL/1.1.1d
zlib/1.2.11 brotli/1.0.7 c-ares/1.15.0 libssh2/1.8.2 nghttp2/1.37.0
Release-Date: 2020-04-29
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps
pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS brotli HTTP2 HTTPS-proxy IPv6 Largefile libz NTLM
NTLM_WB SSL TLS-SRP UnixSockets

curl -v -sD - https://www.southboroughtown.com 2>&1 |less
*   Trying 34.196.1.111:443...
* Connected to www.southboroughtown.com (34.196.1.111) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [102 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [3997 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=Massachusetts; L=Boston; O=Acquia Inc;
CN=*.enterprise-g1.acquia-sites.com
*  start date: Dec 17 00:00:00 2019 GMT
*  expire date: Apr 15 12:00:00 2021 GMT
*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2
High Assurance Server CA
*  SSL certificate verify ok.
====^^^ This should have failed due to hostname mismatch.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after
upgrade: len=0
} [5 bytes data]
* Using Stream ID: 1 (easy handle 0x9c8e9b8)
} [5 bytes data]
> GET / HTTP/2
> Host: www.southboroughtown.com
> user-agent: curl/7.70.0
> accept: */*

 dig www.southboroughtown.com

; <<>> DiG 9.11.2 <<>> www.southboroughtown.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20823
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: e243210dedba530cddf2567b5eea2190f5141fa2801eba1b (good)
;; QUESTION SECTION:
;www.southboroughtown.com.      IN      A

;; ANSWER SECTION:
www.southboroughtown.com. 300   IN      CNAME  
civiccms01live.enterprise-g1.acquia-sites.com.
civiccms01live.enterprise-g1.acquia-sites.com. 60 IN A 34.196.1.111

;; Query time: 141 msec
;; SERVER: 192.168.148.6#53(192.168.148.6)
;; WHEN: Wed Jun 17 09:58:40 EDT 2020
;; MSG SIZE  rcvd: 156

 ~/tools/ssl_info www.southboroughtown.com
www.southboroughtown.com:443
    Issuer: C = US, O = DigiCert Inc, OU = www.digicert.com, CN =
DigiCert SHA2 High Assurance Server CA
    Issued : Dec 17 00:00:00 2019 GMT
    Expires: Apr 15 12:00:00 2021 GMT
    Subject: C = US, ST = Massachusetts, L = Boston, O = Acquia Inc, CN
= *.enterprise-g1.acquia-sites.com
    Public Key Algorithm: rsaEncryption
    Subject Alternative Name:
            DNS:*.enterprise-g1.acquia-sites.com,
            DNS:enterprise-g1.acquia-sites.com

    Issuer: C = US, O = DigiCert Inc, OU = www.digicert.com, CN =
DigiCert High Assurance EV Root CA
    Issued : Oct 22 12:00:00 2013 GMT
    Expires: Oct 22 12:00:00 2028 GMT
    Subject: C = US, O = DigiCert Inc, OU = www.digicert.com, CN =
DigiCert SHA2 High Assurance Server CA
    Public Key Algorithm: rsaEncryption

    Issuer: C = US, O = DigiCert Inc, OU = www.digicert.com, CN =
DigiCert High Assurance EV Root CA
    Issued : Nov 10 00:00:00 2006 GMT
    Expires: Nov 10 00:00:00 2031 GMT
    Subject: C = US, O = DigiCert Inc, OU = www.digicert.com, CN =
DigiCert High Assurance EV Root CA
    Public Key Algorithm: rsaEncryption

    New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
    Peer signature type: RSA
    Peer signing digest: SHA512
    Verification: OK
    Verify return code: 0 (ok)

-- 
Timothe Litt
ACM Distinguished Engineer


Received on 2020-06-17
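
The hostname check this message describes, as an added example (not curl's code and not part of the original mail): the SAN list and host names are the ones quoted above, while `san_matches` and `cert_valid_for` are hypothetical names for an RFC 6125 style matcher. It shows why the name the user requested fails against this certificate while the CNAME target would pass.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive equality for ASCII DNS names. */
static int ieq(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

/* One SAN dNSName against one hostname, RFC 6125 style: a wildcard is
   accepted only as the whole left-most label and covers exactly one label. */
int san_matches(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) != 0)
        return ieq(pattern, host);
    const char *suffix = pattern + 1;        /* ".enterprise-g1.acquia-sites.com" */
    if (strchr(suffix + 1, '.') == NULL)     /* refuse overly broad "*.com" */
        return 0;
    const char *dot = strchr(host, '.');     /* end of the host's first label */
    return dot != NULL && dot != host && ieq(dot, suffix);
}

/* The name checked is the one the user asked for (URL host), never the
   CNAME target that DNS resolution happened to pass through. */
int cert_valid_for(const char *requested, const char *const *sans, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (san_matches(sans[i], requested))
            return 1;
    return 0;
}

/* SAN entries as listed in the message above. */
static const char *const SANS[] = { "*.enterprise-g1.acquia-sites.com",
                                    "enterprise-g1.acquia-sites.com" };

int main(void)
{
    const char *names[] = { "www.southboroughtown.com",
                            "civiccms01live.enterprise-g1.acquia-sites.com" };
    for (size_t i = 0; i < 2; i++)
        printf("%-46s %s\n", names[i],
               cert_valid_for(names[i], SANS, 2) ? "match" : "MISMATCH");
    return 0;
}
```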