commit 7822bd8a91515551458dfeb78eea02c4dd5ddb5f
Author: Oswald Buddenhagen <[email protected]>
Date: Sun Jul 27 18:10:26 2014 +0200
require Host if SSL is used despite Tunnel
src/mbsync.1 | 5 +++--
src/socket.c | 6 ++++--
2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/mbsync.1 b/src/mbsync.1
index fe24f8a..73b7853 100644
--- a/src/mbsync.1
+++ b/src/mbsync.1
@@ -238,8 +238,9 @@ Define the IMAP4 Account \fIname\fR, opening a section for
its parameters.
\fBHost\fR \fIhost\fR
Specify the DNS name or IP address of the IMAP server.
.br
-If \fBTunnel\fR is used, this setting is used only for SSL host certificate
-verification, if provided.
+If \fBTunnel\fR is used, this setting is needed only if \fBSSLType\fR is
+not \fINone\fR and \fBCertificateFile\fR is not used,
+in which case the host name is used for certificate subject verification.
..
.TP
\fBPort\fR \fIport\fR
diff --git a/src/socket.c b/src/socket.c
index 4a8bc6d..af83e09 100644
--- a/src/socket.c
+++ b/src/socket.c
@@ -177,8 +177,10 @@ verify_cert_host( const server_conf_t *conf, conn_t *sock )
return -1;
}
- if (!conf->host)
- return 0; /* SSL on top of a tunnel, no host specified. */
+ if (!conf->host) {
+ error( "SSL error connecting %s: Neither host nor matching
certificate specified\n", sock->name );
+ return -1;
+ }
return verify_hostname( cert, conf->host );
}
------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho
_______________________________________________
isync-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/isync-devel
