On Tue, 1 Oct 2013, SinghLevett, Ishan wrote:
I'd suggest the if statement should look more like this:
if (!data->set.ssl.verifypeer && (data->set.ssl.verifyhost < 2))
I agree with you that this is a bug, but the above suggestion is wrong.
"data->set.ssl.verifyhost" is a boolean internally so the value is only ever 1
or 0 and thus always less than 2...
But I can see how this could work:
diff --git a/lib/ssluse.c b/lib/ssluse.c
index 4f3c1e1..9974ac8 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -2351,7 +2351,7 @@ ossl_connect_step3(struct connectdata *conn,
* operations.
*/
- if(!data->set.ssl.verifypeer)
+ if(!data->set.ssl.verifypeer && !data->set.ssl.verifyhost)
(void)servercert(conn, connssl, FALSE);
else
retcode = servercert(conn, connssl, TRUE);
You agree?
--
/ daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
