On Sat, 27 Oct 2012, Nick Zitzmann wrote:
> Here is a patch that rolls this out to curl_darwinssl.c as well. I noticed
> that my code had always ignored that option. Now, before you panic and start
> writing up a CVE, let me point out that it always ignored that option and
> always verified the domain name unless the host in the URL was an IP
> address. There just wasn't any way to turn that off.
>
> This patch makes it possible to disable that check, just like in the other
> TLS/SSL back-ends. Please add this onto your patch.

Thanks, I've incorporated it into my patch!
--
/ daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html