https-proxy: use IP address and cert with ip in alt names

- improve info logging when peer verification fails to indicate
  if DNS name or ip address has been tried to match
- add test case for contacting https proxy with ip address
- add pytest env check on loaded credentials and re-issue
  when they are no longer valid
- disable proxy ip address test for bearssl, since not supported there

Ref: #12831
Closes #12838
Stefan Eissing 2024-02-01 10:51:45 +01:00 committed by Daniel Stenberg
parent 4f79455877
commit c177e1944c
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
5 changed files with 50 additions and 14 deletions

@ -2242,9 +2242,11 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn,
/* an alternative name matched */
;
else if(dNSName || iPAddress) {
infof(data, " subjectAltName does not match %s", peer->dispname);
infof(data, " subjectAltName does not match %s %s",
peer->is_ip_address? "ip address" : "host name", peer->dispname);
failf(data, "SSL: no alternative certificate subject name matches "
"target host name '%s'", peer->dispname);
"target %s '%s'",
peer->is_ip_address? "ip address" : "host name", peer->dispname);
result = CURLE_PEER_FAILED_VERIFICATION;
}
else {
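
Review bot: The `peer->is_ip_address? "ip address" : "host name"` expression is repeated verbatim in the infof() and failf() calls of this branch; evaluating it once into a local `const char *` ahead of the two calls would keep the log line and the error message from drifting apart later. The failf() text also changes from the fixed "target host name '%s'" to "target %s '%s'", so any test expectation or documentation that matches the old wording should be checked, and "IP address" would be the more usual capitalisation in a user-facing message.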