Commit 39beaa5f authored by Andrej E Baranov's avatar Andrej E Baranov Committed by Daniel Stenberg
Browse files

OpenSSL: use failf() when subjectAltName mismatches 



Write to CURLOPT_ERRORBUFFER information about mismatch alternative
certificate subject names.

Signed-off-by: default avatarAndrej E Baranov <admin@andrej-andb.ru>
parent 5df04bfa

lib/ssluse.c

+2 −0
Original line number Diff line number Diff line
@@ -1192,6 +1192,8 @@ static CURLcode verifyhost(struct connectdata *conn, 
    /* an alternative name field existed, but didn't match and then

       we MUST fail */

    infof(data, "\t subjectAltName does not match %s\n", conn->host.dispname);

    failf(data, "SSL: alternative certificate subject names does not match "

            "target host name '%s'", conn->host.dispname);

    res = CURLE_PEER_FAILED_VERIFICATION;

  }

  else {