diff options
author | Julian Andres Klode <jak@debian.org> | 2017-07-01 15:51:55 +0200 |
---|---|---|
committer | Julian Andres Klode <jak@debian.org> | 2017-07-01 15:51:55 +0200 |
commit | 9a34c8557ac02e691bc66a5313103569a5e646ac (patch) | |
tree | 605da388bd63513f2379fc17b40a8970a6d69ffe /methods | |
parent | 3be04d30cbb801777dce9d3e46c19722ab480b14 (diff) |
Make Verify-Host and Verify-Peer independent again
We can actually just pass null as a hostname, so let's just
do that when Verify-Host is set to false.
Diffstat (limited to 'methods')
-rw-r--r-- | methods/connect.cc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/methods/connect.cc b/methods/connect.cc index 97057286e..e8c873adf 100644 --- a/methods/connect.cc +++ b/methods/connect.cc @@ -733,9 +733,9 @@ bool UnwrapTLS(std::string Host, std::unique_ptr<MethodFd> &Fd, if ((err = gnutls_set_default_priority(tlsFd->session)) < 0) return _error->Error("Could not set algorithm preferences: %s", gnutls_strerror(err)); - if (Owner->ConfigFindB("Verify-Peer", true) || Owner->ConfigFindB("Verify-Host", true)) + if (Owner->ConfigFindB("Verify-Peer", true)) { - gnutls_session_set_verify_cert(tlsFd->session, tlsFd->hostname.c_str(), 0); + gnutls_session_set_verify_cert(tlsFd->session, Owner->ConfigFindB("Verify-Host", true) ? tlsFd->hostname.c_str() : nullptr, 0); } if ((err = gnutls_server_name_set(tlsFd->session, GNUTLS_NAME_DNS, tlsFd->hostname.c_str(), tlsFd->hostname.length())) < 0) return _error->Error("Could not set SNI name: %s", gnutls_strerror(err)); |