curl-library

Re: SSL cert error

From: Gisle Vanem <gvanem_at_broadpark.no>
Date: Sun, 13 Jun 2004 13:04:00 +0200

"Daniel Stenberg" <daniel-curl_at_haxx.se> said:

> > Why should a difference in case of a host/domain-name be a fatal error:
>
> This is a bug. It only seems to happen on wildcards too. I made a fix for it,
> just committed.

I saw it. I liked the needle and the haystack :). But cert_hostcheck()
is still a bit too simple in the way it only allows a wildcard at certname[0].
It refused to match "www*.host.com" against "www1.host.com".

And why must there be >1 dots in a cert-mask? Private hosts (with
NetBIOS names) should be allowed. E.g. on Win32 and *nix with
Samba, a https://host_on_lan should work since the name_on_lan
gets resolved via WINS.

BTW.
I'm working on other things in ssluse.c; although not strictly any
data that libcurl sees, it would be handy to see the initial SSL/TLS
transactions. i.e. with "curl --trace". OpenSSL has some callbacks
for this. Not sure it should be passed up using CURLINFO_DATA_x,
or if we should add another CURLINFO_SSL_DATA_x etc.

--gv
Received on 2004-06-13
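
Added example, not part of the mail and not libcurl's cert_hostcheck(): a case-insensitive matcher that accepts a wildcard anywhere in the leftmost label, so "www*.host.com" matches "www1.host.com". The name wildcard_hostmatch() and the min_dots parameter are hypothetical; min_dots makes the dot-count rule questioned above explicit and is applied only to wildcard patterns.

```c
#include <ctype.h>
#include <string.h>

/* Case-insensitive compare of n bytes (ASCII only, as in DNS names). */
static int ieq(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Hypothetical helper, not libcurl code.
 * Returns 1 if `host` matches the certificate name `pattern`, else 0.
 * A single '*' is allowed, only in the leftmost label, and it matches one
 * or more characters other than '.'. `min_dots` is the number of dots a
 * wildcard pattern must contain: 2 rejects "*.com", 0 disables the rule. */
int wildcard_hostmatch(const char *pattern, const char *host, int min_dots)
{
    size_t plen = strlen(pattern), hlen = strlen(host);
    const char *star = strchr(pattern, '*');

    if (!star)                               /* no wildcard: whole-name match */
        return plen == hlen && ieq(pattern, host, plen);

    const char *pdot = strchr(pattern, '.');
    if (strchr(star + 1, '*'))               /* more than one wildcard */
        return 0;
    if (pdot && star > pdot)                 /* wildcard outside first label */
        return 0;

    int dots = 0;
    for (const char *p = pattern; *p; p++)
        dots += (*p == '.');
    if (dots < min_dots)                     /* pattern too broad */
        return 0;

    size_t pre = (size_t)(star - pattern);   /* literal text before '*' */
    size_t suf = plen - pre - 1;             /* literal text after '*'  */
    if (hlen < pre + suf + 1)                /* '*' must consume >= 1 char */
        return 0;
    if (!ieq(pattern, host, pre) || !ieq(star + 1, host + hlen - suf, suf))
        return 0;

    /* The characters consumed by '*' must stay inside one label. */
    return memchr(host + pre, '.', hlen - pre - suf) == NULL;
}
```

With min_dots set to 2 a certificate name such as "*.com" never matches; a dotless LAN name without a wildcard is compared as a whole name and is unaffected by the rule.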