Commit 3c3622b6 authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

OpenSSL: acknowledge CURLOPT_SSL_VERIFYHOST without VERIFYPEER 

Setting only CURLOPT_SSL_VERIFYHOST without CURLOPT_SSL_VERIFYPEER set
should still verify that the host name fields in the server certificate
is fine or return failure.

Bug: http://curl.haxx.se/mail/lib-2013-10/0002.html
Reported-by: Ishan SinghLevett
parent a22c478e

lib/ssluse.c

+1 −1
Original line number Diff line number Diff line
@@ -2351,7 +2351,7 @@ ossl_connect_step3(struct connectdata *conn, 
   * operations.

   */



  if(!data->set.ssl.verifypeer)

  if(!data->set.ssl.verifypeer && !data->set.ssl.verifyhost)

    (void)servercert(conn, connssl, FALSE);

  else

    retcode = servercert(conn, connssl, TRUE);