curl-library
Re: Possible SSL bug in libcurl 7.32
Date: Wed, 2 Oct 2013 08:03:48 +0100
>I agree with you that this is a bug, but the above suggestion is wrong.
>"data->set.ssl.verifyhost" is a boolean internally so the value is only
ever 1 or 0 and thus always less than 2...
>
>But I can see how this could work:
>
>diff --git a/lib/ssluse.c b/lib/ssluse.c index 4f3c1e1..9974ac8 100644
>--- a/lib/ssluse.c
>+++ b/lib/ssluse.c
>@@ -2351,7 +2351,7 @@ ossl_connect_step3(struct connectdata *conn,
> * operations.
> */
>
>- if(!data->set.ssl.verifypeer)
>+ if(!data->set.ssl.verifypeer && !data->set.ssl.verifyhost)
> (void)servercert(conn, connssl, FALSE);
> else
> retcode = servercert(conn, connssl, TRUE);
Ah ok, yes I agree that your version of the if statement will produce
the desired behaviour (as long as servercert() also checks the values of
"ssl.verifypeer" and "ssl.verifyhost" before it actually performs the
validation and sets the return code).
I've not used git before but can I take it from the fact that you've
done a diff here that this is something that's already been fixed?
Please consider the environment before printing this email.
This message should be regarded as confidential. If you have received this email in error please notify the sender and destroy it immediately.
Statements of intent shall only become binding when confirmed in hard copy by an authorised signatory.
The contents of this email may relate to dealings with other companies under the control of BAE Systems plc details of which can be found at http://www.baesystems.com/Businesses/index.htm.
Detica Limited is a BAE Systems company trading as BAE Systems Detica.
Detica Limited is registered in England and Wales under No: 1337451.
Registered office: Surrey Research Park, Guildford, Surrey, GU2 7YP, England.
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-10-02