On Thu, 4 Nov 2010, Hongli Lai wrote:
My patch only deals with OpenSSL. I'll work on GnuTLS support next.
Great!
There's also an issue with SSL host name verification. Right now it doesn't
work either with custom Host headers. I tried to fix this in ssluse.c
verifyhost() but for some reason it wouldn't work correctly: curl
https://ip-address-of-github -H "Host: github.com" fails with the message
that github.com doesn't match the "*.github.com" value in the certificate.
It doesn't really matter to me because neither of my use cases really care
about host name verification but I thought you might want to comment on
this.
Oh right.
In fact, we should probably extract the custom host name from Host: at a
slightly more central point so that we can re-use it easier for this OpenSSL
check, the GnuTLS check and for cerificate checks...
--
/ daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
