authorJulian Andres Klode <jak@debian.org>2017-07-01 15:51:55 +0200
committerJulian Andres Klode <jak@debian.org>2017-07-01 15:51:55 +0200
commit9a34c8557ac02e691bc66a5313103569a5e646ac (patch)
tree605da388bd63513f2379fc17b40a8970a6d69ffe /methods
parent3be04d30cbb801777dce9d3e46c19722ab480b14 (diff)
Make Verify-Host and Verify-Peer independent again
We can actually just pass null as a hostname, so let's just do that when Verify-Host is set to false.
Diffstat (limited to 'methods')
-rw-r--r--methods/connect.cc4
1 files changed, 2 insertions, 2 deletions
diff --git a/methods/connect.cc b/methods/connect.cc
index 97057286e..e8c873adf 100644
--- a/methods/connect.cc
+++ b/methods/connect.cc
@@ -733,9 +733,9 @@ bool UnwrapTLS(std::string Host, std::unique_ptr<MethodFd> &Fd,
if ((err = gnutls_set_default_priority(tlsFd->session)) < 0)
return _error->Error("Could not set algorithm preferences: %s", gnutls_strerror(err));
- if (Owner->ConfigFindB("Verify-Peer", true) || Owner->ConfigFindB("Verify-Host", true))
+ if (Owner->ConfigFindB("Verify-Peer", true))
{
- gnutls_session_set_verify_cert(tlsFd->session, tlsFd->hostname.c_str(), 0);
+ gnutls_session_set_verify_cert(tlsFd->session, Owner->ConfigFindB("Verify-Host", true) ? tlsFd->hostname.c_str() : nullptr, 0);
}
if ((err = gnutls_server_name_set(tlsFd->session, GNUTLS_NAME_DNS, tlsFd->hostname.c_str(), tlsFd->hostname.length())) < 0)
return _error->Error("Could not set SNI name: %s", gnutls_strerror(err));
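Review bot: `Verify-Host` is now only consulted inside the `if (Owner->ConfigFindB("Verify-Peer", true))` block, so with `Verify-Peer` false and `Verify-Host` left at its default of true, no certificate or hostname check is requested at all. The removed `||` condition still called `gnutls_session_set_verify_cert` with the hostname in that case. If the new behaviour is intended, state it at the call, for example `// Verify-Host needs Verify-Peer: a null hostname verifies the chain only; without Verify-Peer nothing is verified`. Conversely, with `Verify-Host` false any certificate that chains to a trusted CA is accepted for any server name, which deserves a line in the option's documentation. UnwrapTLS starts and ends outside this hunk, so whether the name is checked elsewhere is not visible here.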