curl-library

Re: Possible SSL bug in libcurl 7.32

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Tue, 1 Oct 2013 23:10:15 +0200 (CEST)

On Tue, 1 Oct 2013, SinghLevett, Ishan wrote:

> I'd suggest the if statement should look more like this:
>
> if (!data->set.ssl.verifypeer && (data->set.ssl.verifyhost < 2))

I agree with you that this is a bug, but the above suggestion is wrong.
"data->set.ssl.verifyhost" is a boolean internally so the value is only ever 1
or 0 and thus always less than 2...

But I can see how this could work:

diff --git a/lib/ssluse.c b/lib/ssluse.c
index 4f3c1e1..9974ac8 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -2351,7 +2351,7 @@ ossl_connect_step3(struct connectdata *conn,
     * operations.
     */

- if(!data->set.ssl.verifypeer)
+ if(!data->set.ssl.verifypeer && !data->set.ssl.verifyhost)
      (void)servercert(conn, connssl, FALSE);
    else
      retcode = servercert(conn, connssl, TRUE);
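
Review bot: The new condition on the `+` line sends the verifypeer-off, verifyhost-on case into the `else` branch, where `servercert(conn, connssl, TRUE)` is called and its result becomes `retcode`, but nothing in the visible lines shows that the strict TRUE path restricts itself to the hostname check when verifypeer is off. Please confirm that servercert() consults the two options separately in strict mode, so that a user who disabled verifypeer but kept verifyhost gets a failure only for a hostname mismatch and not for a chain-verification problem. The comment block ending just above the `if` should also be extended to say that the non-strict call, whose return value is discarded with `(void)`, is now taken only when both checks are disabled. A test covering verifypeer off with verifyhost on against a certificate whose name does not match would pin the intended behaviour down.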

You agree?

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2013-10-01