cURL / Mailing Lists / curl-library / Single Mail

curl-library

[PATCH] OpenSSL. failed: subjectAltName does not match

From: Andrej E Baranov <admin_at_andrej-andb.ru>
Date: Sun, 13 Oct 2013 06:02:03 +0700

Write to CURLOPT_ERRORBUFFER information about mismatch
alternative certificate subject names.

Signed-off-by: Andrej E Baranov <admin_at_andrej-andb.ru>

---
 lib/ssluse.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/lib/ssluse.c b/lib/ssluse.c
index 9974ac8..ef0c882 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1192,6 +1192,8 @@ static CURLcode verifyhost(struct connectdata *conn,
     /* an alternative name field existed, but didn't match and then
        we MUST fail */
     infof(data, "\t subjectAltName does not match %s\n", conn->host.dispname);
+    failf(data, "SSL: alternative certificate subject names does not match "
+            "target host name '%s'", conn->host.dispname);
     res = CURLE_PEER_FAILED_VERIFICATION;
   }
   else {
-- 
1.8.1.2
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Received on 2013-10-13

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: Migration away from SourceForge?"
Previous message: Dan Fandrich: "Re: Disable Valgrind for Self Tests?"
Next in thread: Daniel Stenberg: "Re: [PATCH] OpenSSL. failed: subjectAltName does not match"
Reply: Daniel Stenberg: "Re: [PATCH] OpenSSL. failed: subjectAltName does not match"
Reply: Petr Pisar: "Re: [PATCH] OpenSSL. failed: subjectAltName does not match"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]