Commit 1dc43de0 authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

gtls: respect *VERIFYHOST independently of *VERIFYPEER 

Security flaw CVE-2013-6422

This is conceptually the same problem and fix that 3c3622b6 brought to the
OpenSSL backend and that resulted in CVE-2013-4545.

This version of the problem was independently introduced to the GnuTLS
backend with commit 59cf93cc, present in the code since the libcurl
7.21.4 release.

Advisory: http://curl.haxx.se/docs/adv_20131217.html
Bug: http://curl.haxx.se/mail/lib-2013-11/0214.html
Reported-by: Marc Deslauriers
parent 8a8f9a5d

lib/gtls.c

+2 −6
Original line number Diff line number Diff line
@@ -5,7 +5,7 @@ 
 *                            | (__| |_| |  _ <| |___

 *                             \___|\___/|_| \_\_____|

 *

 * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.

 * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.

 *

 * This software is licensed as described in the file COPYING, which

 * you should have received as part of this distribution. The terms
@@ -633,10 +633,8 @@ gtls_connect_step3(struct connectdata *conn, 
    else

      infof(data, "\t server certificate verification OK\n");

  }

  else {

  else

    infof(data, "\t server certificate verification SKIPPED\n");

    goto after_server_cert_verification;

  }



  /* initialize an X.509 certificate structure. */

  gnutls_x509_crt_init(&x509_cert);
@@ -766,8 +764,6 @@ gtls_connect_step3(struct connectdata *conn, 


  gnutls_x509_crt_deinit(x509_cert);



after_server_cert_verification:



  /* compression algorithm (if any) */

  ptr = gnutls_compression_get_name(gnutls_compression_get(session));

  /* the *_get_name() says "NULL" if GNUTLS_COMP_NULL is returned */