Re: SSL cert error
Date: Sun, 13 Jun 2004 13:04:00 +0200
"Daniel Stenberg" <daniel-curl_at_haxx.se> said:
> > Why should a difference in case of a host/domain-name be a fatal error:
> This is a bug. It only seems to happen on wildcards too. I made a fix for it,
> just committed.
I saw it. I liked the needle and the haystack :). But cert_hostcheck()
is still a bit too simple in the way it only allows a wildcard at certname.
It refused to match "www*.host.com" against "www1.host.com".
And why must there be >1 dots in a cert-mask? Private hosts (with
NetBIOS names) should be allowed. E.g. on Win32 and *nix with
Samba, a https://host_on_lan should work since the name_on_lan
gets resolved via WINS.
I'm working on other things in ssluse.c; although not strictly any
data that libcurl sees, it would be handy to see the initial SSL/TLS
transactions. i.e. with "curl --trace". OpenSSL has some callbacks
for this. Not sure it should be passed up using CURLINFO_DATA_x,
or if we should add another CURLINFO_SSL_DATA_x etc.
Received on 2004-06-13
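
An added example, not part of the original message and not libcurl's cert_hostcheck(): a certificate-name matcher covering the cases raised in this thread (case-insensitive comparison, a wildcard inside the leftmost label such as "www*.host.com", and the dot-count rule for wildcard patterns). The name example_hostmatch(), the min_dots parameter, the choice that '*' must cover at least one character, and applying the dot rule only to wildcard patterns are all assumptions of this example.

```c
#include <ctype.h>
#include <string.h>

/* Case-insensitive comparison of the first n bytes (DNS names are ASCII). */
static int ieq(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/*
 * example_hostmatch() is a hypothetical name, not a libcurl function.
 * Returns 1 when host matches pattern, 0 otherwise.
 * min_dots is a policy knob (assumption of this example): the minimum
 * number of dots a wildcard pattern must contain, e.g. 2 rejects "*.com".
 */
int example_hostmatch(const char *pattern, const char *host, size_t min_dots)
{
    size_t plen = strlen(pattern), hlen = strlen(host), dots = 0;
    const char *star = strchr(pattern, '*');

    if (!star) /* no wildcard: whole name, case-insensitive */
        return plen == hlen && ieq(pattern, host, plen);

    const char *pdot = strchr(pattern, '.');
    const char *hdot = strchr(host, '.');
    /* exactly one '*', and only inside the leftmost label */
    if (strchr(star + 1, '*') || (pdot && star > pdot))
        return 0;
    for (const char *p = pattern; *p; p++)
        dots += (*p == '.');
    if (dots < min_dots)
        return 0;

    size_t plabel = pdot ? (size_t)(pdot - pattern) : plen;
    size_t hlabel = hdot ? (size_t)(hdot - host) : hlen;
    /* everything after the leftmost label must be equal, so '*' never spans a dot */
    if (plen - plabel != hlen - hlabel ||
        !ieq(pattern + plabel, host + hlabel, plen - plabel))
        return 0;

    size_t pre = (size_t)(star - pattern); /* literal text before '*' */
    size_t post = plabel - pre - 1;        /* literal text after '*'  */
    if (hlabel < pre + post + 1)           /* '*' must cover >= 1 character */
        return 0;
    return ieq(pattern, host, pre) && ieq(star + 1, host + hlabel - post, post);
}
```

With min_dots set to 2 a pattern like "*.com" is rejected, while a dotless name without a wildcard is still compared as an exact, case-insensitive match.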