author | saurabh.vyas@oracle.com |
Mon, 01 Jun 2015 09:37:56 -0700 | |
branch | s11u2-sru |
changeset 4443 | 19990f188a99 |
parent 2824 | ed80ca124641 |
permissions | -rw-r--r-- |
2824
ed80ca124641
15941200 curl "gmake test" failures
Rich Burridge <rich.burridge@oracle.com>
CVE-2013-4545: Setting only CURLOPT_SSL_VERIFYHOST without |
CURLOPT_SSL_VERIFYPEER set should still verify that the host |
name fields in the server certificate is fine or return failure. |
|
Bug: http://curl.haxx.se/mail/lib-2013-10/0002.html |
Reported-by: Ishan SinghLevett |
|
Relevant upstream patch at: |
https://github.com/bagder/curl/commit/3c3622b6 |
|
--- lib/ssluse.c.orig 2013-11-18 06:59:53.408117483 -0800 |
+++ lib/ssluse.c 2013-11-18 07:00:26.212993187 -0800 |
@@ -2357,7 +2357,7 @@ |
* operations. |
*/ |
|
- if(!data->set.ssl.verifypeer) |
+ if(!data->set.ssl.verifypeer && !data->set.ssl.verifyhost) |
(void)servercert(conn, connssl, FALSE); |
else |
retcode = servercert(conn, connssl, TRUE); |
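Review bot: the new condition "if(!data->set.ssl.verifypeer && !data->set.ssl.verifyhost)" moves the verifyhost-only case into the else branch, where servercert() is called with TRUE as its third argument and its result is assigned to retcode, so every failure servercert() reports with that argument, not only a host name mismatch, now fails the connection when CURLOPT_SSL_VERIFYHOST is set without CURLOPT_SSL_VERIFYPEER. Please confirm that is the intended scope and say so in the comment above the condition, which this hunk leaves unchanged. The patch touches only lib/ssluse.c; a regression test covering VERIFYPEER off with VERIFYHOST on, against a certificate whose name fields do not match the host, would keep the two options from being coupled again later.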