upstream/oracle/userland-gate: components/curl/patches/010-CVE-2013-4545.patch@3754a17bfb14 (annotated)

1553 3754a17bfb14 17799440 problem in LIBRARY/CURL Rich Burridge <rich.burridge@oracle.com> parents: diff changeset	1	CVE-2013-4545: Setting only CURLOPT_SSL_VERIFYHOST without
3754a17bfb14 17799440 problem in LIBRARY/CURL Rich Burridge <rich.burridge@oracle.com> parents: diff changeset	2	CURLOPT_SSL_VERIFYPEER set should still verify that the host
3754a17bfb14 17799440 problem in LIBRARY/CURL Rich Burridge <rich.burridge@oracle.com> parents: diff changeset	3	name fields in the server certificate is fine or return failure.
3754a17bfb14 17799440 problem in LIBRARY/CURL Rich Burridge <rich.burridge@oracle.com> parents: diff changeset	4
3754a17bfb14 17799440 problem in LIBRARY/CURL Rich Burridge <rich.burridge@oracle.com> parents: diff changeset	5	Bug: http://curl.haxx.se/mail/lib-2013-10/0002.html
3754a17bfb14 17799440 problem in LIBRARY/CURL Rich Burridge <rich.burridge@oracle.com> parents: diff changeset	6	Reported-by: Ishan SinghLevett
3754a17bfb14 17799440 problem in LIBRARY/CURL Rich Burridge <rich.burridge@oracle.com> parents: diff changeset	7
3754a17bfb14 17799440 problem in LIBRARY/CURL Rich Burridge <rich.burridge@oracle.com> parents: diff changeset	8	Relevant upstream patch at:
3754a17bfb14 17799440 problem in LIBRARY/CURL Rich Burridge <rich.burridge@oracle.com> parents: diff changeset	9	https://github.com/bagder/curl/commit/3c3622b6
3754a17bfb14 17799440 problem in LIBRARY/CURL Rich Burridge <rich.burridge@oracle.com> parents: diff changeset	10
3754a17bfb14 17799440 problem in LIBRARY/CURL Rich Burridge <rich.burridge@oracle.com> parents: diff changeset	11	--- lib/ssluse.c.orig 2013-11-14 15:22:45.714764527 -0800
3754a17bfb14 17799440 problem in LIBRARY/CURL Rich Burridge <rich.burridge@oracle.com> parents: diff changeset	12	+++ lib/ssluse.c 2013-11-14 15:25:10.416516780 -0800
3754a17bfb14 17799440 problem in LIBRARY/CURL Rich Burridge <rich.burridge@oracle.com> parents: diff changeset	13	@@ -2471,7 +2471,7 @@
3754a17bfb14 17799440 problem in LIBRARY/CURL Rich Burridge <rich.burridge@oracle.com> parents: diff changeset	14	* operations.
3754a17bfb14 17799440 problem in LIBRARY/CURL Rich Burridge <rich.burridge@oracle.com> parents: diff changeset	15	*/
3754a17bfb14 17799440 problem in LIBRARY/CURL Rich Burridge <rich.burridge@oracle.com> parents: diff changeset	16
3754a17bfb14 17799440 problem in LIBRARY/CURL Rich Burridge <rich.burridge@oracle.com> parents: diff changeset	17	- if(!data->set.ssl.verifypeer)
3754a17bfb14 17799440 problem in LIBRARY/CURL Rich Burridge <rich.burridge@oracle.com> parents: diff changeset	18	+ if(!data->set.ssl.verifypeer && !data->set.ssl.verifyhost)
3754a17bfb14 17799440 problem in LIBRARY/CURL Rich Burridge <rich.burridge@oracle.com> parents: diff changeset	19	(void)servercert(conn, connssl, FALSE);
3754a17bfb14 17799440 problem in LIBRARY/CURL Rich Burridge <rich.burridge@oracle.com> parents: diff changeset	20	else
3754a17bfb14 17799440 problem in LIBRARY/CURL Rich Burridge <rich.burridge@oracle.com> parents: diff changeset	21	retcode = servercert(conn, connssl, TRUE);

author	Rich Burridge <rich.burridge@oracle.com>
	Fri, 15 Nov 2013 07:14:12 -0800
changeset 1553	3754a17bfb14
permissions	-rw-r--r--