Commit 0d814ba3 authored by Timo Teräs's avatar Timo Teräs

libfetch: fix certificate host name check

OpenSSL allows passing zero-length to indicate "use strlen".
LibreSSL requires using the real length always, so pass the length.
parent eb8f44d6
......@@ -541,7 +541,7 @@ fetch_ssl(conn_t *conn, const struct url *URL, int verbose)
if (getenv("SSL_NO_VERIFY_HOSTNAME") == NULL) {
if (verbose)
fetch_info("Verify hostname");
if (X509_check_host(conn->ssl_cert, URL->host, 0,
if (X509_check_host(conn->ssl_cert, URL->host, strlen(URL->host),
NULL) != 1) {
fprintf(stderr, "SSL certificate subject doesn't match host %s\n",
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment