[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 153/173: TLS: make SSL_VERIFYSTATUS work again
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] [gnurl] 153/173: TLS: make SSL_VERIFYSTATUS work again |
|
Date: |
Fri, 24 Feb 2017 14:02:55 +0100 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to annotated tag gnurl-7.53.1
in repository gnurl.
commit ca6ea6d9be5102a2246dff6e17b3ee9ad4ec64d0
Author: Daniel Stenberg <address@hidden>
AuthorDate: Sun Jan 22 18:11:55 2017 +0100
TLS: make SSL_VERIFYSTATUS work again
The CURLOPT_SSL_VERIFYSTATUS option was not properly handled by libcurl
and thus even if the status couldn't be verified, the connection would
be allowed and the user would not be told about the failed verification.
Regression since cb4e2be7c6d42ca
CVE-2017-2629
Bug: https://curl.haxx.se/docs/adv_20170222.html
Reported-by: Marcus Hoffmann
---
lib/url.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/lib/url.c b/lib/url.c
index 2886abec8..b8f7cfb9b 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -4173,8 +4173,11 @@ static struct connectdata *allocate_conn(struct
Curl_easy *data)
conn->bits.ftp_use_epsv = data->set.ftp_use_epsv;
conn->bits.ftp_use_eprt = data->set.ftp_use_eprt;
+ conn->ssl_config.verifystatus = data->set.ssl.primary.verifystatus;
conn->ssl_config.verifypeer = data->set.ssl.primary.verifypeer;
conn->ssl_config.verifyhost = data->set.ssl.primary.verifyhost;
+ conn->proxy_ssl_config.verifystatus =
+ data->set.proxy_ssl.primary.verifystatus;
conn->proxy_ssl_config.verifypeer = data->set.proxy_ssl.primary.verifypeer;
conn->proxy_ssl_config.verifyhost = data->set.proxy_ssl.primary.verifyhost;
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] 135/173: axtls: adapt to API changes, (continued)
- [GNUnet-SVN] [gnurl] 135/173: axtls: adapt to API changes, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 106/173: docs: Add more HTTPS proxy documentation, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 57/173: docs: Add note about libcurl copying strings to CURLOPT_* manpages, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 119/173: test1139: Added the --manual keyword since the manual is required, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 124/173: nss: make FTPS work with --proxytunnel, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 93/173: INTERNALS.md: language improvements, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 110/173: CHANGES: spell fix, use correct path to script, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 78/173: CURLOPT_CONNECT_TO: Fix compile warnings, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 88/173: vtls: source indentation fix, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 170/173: tests: use consistent environment variables for setting charset, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 153/173: TLS: make SSL_VERIFYSTATUS work again,
gnunet <=
- [GNUnet-SVN] [gnurl] 160/173: TODO: HTTP Digest using SHA-256, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 115/173: transfer: only retry nobody-requests for HTTP, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 114/173: telnet: Fix typos, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 130/173: http2: fix memory-leak when denying push streams, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 158/173: urldata: include curl_sspi.h when Windows SSPI is enabled, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 159/173: TODO: brotli is deployed widely now, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 167/173: TODO: "OPTIONS *", gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 134/173: RELEASE-NOTES: synced with 690935390c29c, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 21/173: digest_sspi: copy terminating NUL as well, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 118/173: RELEASE-NOTES: synced with 102454459dd688c, gnunet, 2017/02/24