cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: SSL certificates

From: Dobromir Velev <curl_at_mail.bg>
Date: Tue, 12 Nov 2002 20:28:35 +0200

Here is the patch I used to fix my local version. Hope it will be of use.

Dobromir Velev

@@ -904,7 +904,18 @@
return CURLE_SSL_PEER_CERTIFICATE;
}

- if (!strequal(peer_CN, conn->hostname)) {
+ static int Compare_Host_Names(char *peer,char *hostname){
+ char *p = peer;
+ char *h = hostname;
+ if (strnequal(p,"*.",2)){
+ p++;/* remove the * character */
+ h+=strlen(h)-strlen(p); /* get the portion of the hostname that shoud
contain the domain name */
+ if(!strequal(p,h)) return 0;
+ }
+ else if (!strequal(p,h)) return 0;
+ return 1;
+ }
+ if (!Compare_Host_Names(peer_CN, conn->hostname)) {
       if (data->set.ssl.verifyhost > 1) {
         failf(data, "SSL: certificate subject name '%s' does not match "
               "target host name '%s'",

----- Original Message -----
From: "Philippe Raoult" <phir_at_gcu-squad.org>
To: <curl-library_at_lists.sourceforge.net>
Sent: Tuesday, November 12, 2002 20:00
Subject: Re: SSL certificates

> On Tue, 12 Nov 2002 16:41:25 +0100 (MET)
> Daniel Stenberg <daniel_at_haxx.se> wrote:
>
> >
> > This seems to be the same conclusion that Philippe Raoult made and
posted in
> > this bug report:
> >
http://sourceforge.net/tracker/index.php?func=detail&aid=634700&group_id=976
&atid=100976
> >
> > I urge you to read the comments there, cluefully submitted by Cris
Bailiff.
> >
> > > If needed I could provide a patch but I'm not sure if I can make it
> > > portable enough
>
> Indeed it's the same issue. I already have a patch but I'm waiting for
Cris's
> answer about the protocol before submitting it to the list.
>
> regards,
> Philippe
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:
> To learn the basics of securing your web site with SSL,
> click here to get a FREE TRIAL of a Thawte Server Certificate:
> http://www.gothawte.com/rd522.html
>

-------------------------------------------------------
This sf.net email is sponsored by:
To learn the basics of securing your web site with SSL,
click here to get a FREE TRIAL of a Thawte Server Certificate:
http://www.gothawte.com/rd522.html
Received on 2002-11-12

This message: [ Message body ]
Next message: Cris Bailiff: "Re: SSL certificates"
Previous message: Philippe Raoult: "Re: SSL certificates"
In reply to: Philippe Raoult: "Re: SSL certificates"
Next in thread: Daniel Stenberg: "Re: SSL certificates"
Reply: Daniel Stenberg: "Re: SSL certificates"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]