Skip to content
Commit 1dc43de0 authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

gtls: respect *VERIFYHOST independently of *VERIFYPEER

Security flaw CVE-2013-6422

This is conceptually the same problem and fix that 3c3622b6 brought to the
OpenSSL backend and that resulted in CVE-2013-4545.

This version of the problem was independently introduced to the GnuTLS
backend with commit 59cf93cc, present in the code since the libcurl
7.21.4 release.

Advisory: http://curl.haxx.se/docs/adv_20131217.html
Bug: http://curl.haxx.se/mail/lib-2013-11/0214.html
Reported-by: Marc Deslauriers
parent 8a8f9a5d
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment