On 11/04/2010 02:37 PM, Hongli Lai wrote:
On Thu, Nov 4, 2010 at 2:19 PM, Daniel Stenberg<[email protected]> wrote:
Yes, that's exactly what I meant. Sorry for expressing myself sloppy. Thanks
a lot for the update, I've now committed and pushed this fix!
Great, thanks. :)
My patch only deals with OpenSSL. I'll work on GnuTLS support next.
There's also an issue with SSL host name verification. Right now it
doesn't work either with custom Host headers. I tried to fix this in
ssluse.c verifyhost() but for some reason it wouldn't work correctly:
curl https://ip-address-of-github -H "Host: github.com"
fails with the message that github.com doesn't match the
"*.github.com" value in the certificate.
github.com does not match *.github.com
Names may contain the wildcard
character * which is considered to match any single domain name
component or component fragment. E.g., *.a.com matches foo.a.com but
not bar.foo.a.com. f*.com matches foo.com but not bar.com.
It doesn't really matter to me because neither of my use cases really
care about host name verification but I thought you might want to
comment on this.
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
