Commit 1dc43de0 authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

gtls: respect *VERIFYHOST independently of *VERIFYPEER

Security flaw CVE-2013-6422

This is conceptually the same problem and fix that 3c3622b6 brought to the
OpenSSL backend and that resulted in CVE-2013-4545.

This version of the problem was independently introduced to the GnuTLS
backend with commit 59cf93cc, present in the code since the libcurl
7.21.4 release.

Reported-by: Marc Deslauriers
parent 8a8f9a5d
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment