curl/lib/vtls
Daniel Stenberg 6b93190fae
gnutls: pass in SNI name, not hostname when checking cert

The function we use is called 'gnutls_x509_crt_check_hostname()' but if
we pass in the hostname with a trailing dot, the check fails. If we pass
in the SNI name, which cannot have a trailing dot, it succeeds for
https://pyropus.ca./

I consider this as a flaw in GnuTLS and have submitted this issue
upstream:

  https://gitlab.com/gnutls/gnutls/-/issues/1548

In order to work with old and existing GnuTLS versions, we still need
this change no matter how they view the issue or might change it in the
future.

Fixes #13428
Reported-by: Ryan Carsten Schmidt
Closes #13949
2024-06-14 13:19:20 +02:00
bearssl.c connection: shutdown TLS (for FTP) better 2024-06-10 13:08:12 +02:00
bearssl.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
cipher_suite.c sectransp: use common code for cipher suite lookup 2024-05-29 13:08:14 +02:00
cipher_suite.h sectransp: use common code for cipher suite lookup 2024-05-29 13:08:14 +02:00
gtls.c gnutls: pass in SNI name, not hostname when checking cert 2024-06-14 13:19:20 +02:00
gtls.h connection: shutdown TLS (for FTP) better 2024-06-10 13:08:12 +02:00
hostcheck.c gskit: remove 2023-08-07 20:57:48 +02:00
hostcheck.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
keylog.c tls: use shared init code for TCP+QUIC 2024-04-09 09:08:05 +02:00
keylog.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
mbedtls.c connection: shutdown TLS (for FTP) better 2024-06-10 13:08:12 +02:00
mbedtls.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
mbedtls_threadlock.c mbedtls: properly cleanup the thread-shared entropy 2024-03-12 03:09:37 -04:00
mbedtls_threadlock.h tidy-up: one comment and EOF newlines 2024-03-12 15:38:44 +00:00
openssl.c openssl: shortcut store_expired for negative timeouts 2024-06-11 10:51:00 +02:00
openssl.h openssl: stop duplicate ssl key logging for legacy OpenSSL 2024-05-24 15:22:53 -04:00
rustls.c connection: shutdown TLS (for FTP) better 2024-06-10 13:08:12 +02:00
rustls.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
schannel.c lib: xfer_setup and non-blocking shutdown 2024-06-11 13:41:03 +02:00
schannel.h build: do not publish HAVE_BORINGSSL, HAVE_AWSLC macros 2023-10-08 22:29:45 +00:00
schannel_int.h lib: xfer_setup and non-blocking shutdown 2024-06-11 13:41:03 +02:00
schannel_verify.c windows: fix UWP builds, add GHA job 2024-06-05 00:52:24 +02:00
sectransp.c connection: shutdown TLS (for FTP) better 2024-06-10 13:08:12 +02:00
sectransp.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
vtls.c connection: shutdown TLS (for FTP) better 2024-06-10 13:08:12 +02:00
vtls.h connection: shutdown TLS (for FTP) better 2024-06-10 13:08:12 +02:00
vtls_int.h connection: shutdown TLS (for FTP) better 2024-06-10 13:08:12 +02:00
wolfssl.c connection: shutdown TLS (for FTP) better 2024-06-10 13:08:12 +02:00
wolfssl.h wolfssl: support CA caching 2024-06-01 23:50:36 +02:00
x509asn1.c lib/v*: tidy up types and casts 2024-06-02 19:27:17 +02:00
x509asn1.h gskit: remove 2023-08-07 20:57:48 +02:00