On Sat, Jun 8, 2013 at 11:54 AM, Oscar Koeroo <[email protected]> wrote:
>> I've noticed that cURL changed behavior in 7.29 regarding axTLS >> support. Before it was ignoring invalid certificates as requested, but >> in 7.29 it gives "subjectAltName(s) do not match %s" error and ignores >> curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L); > > FWIW: The commit was introduced in the 7.28-1 release. > My mistake. I've compared 7.29 and 7.28, but not the intermediate versions. > Well... it was meant to relate to the part "setting similar to the > OpenSSL backend.". This was how curl handled the VERIFYHOST setting with > an OpenSSL backend. axTLS was the first of a few SSL backends that > needed fixing and decided to mimic the OpenSSL behavior. > That was my justification for introducing this patch, thank you for detailed commit message. I also saw that verifyhost() is called in OpenSSL backend if only this option is enabled, so i tried to bring axTLS backed in accordance to declared behavior. ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
