Make Verify-Host and Verify-Peer independent again

We can actually just pass null as a hostname, so let's just do that when Verify-Host is set to false.
author: Julian Andres Klode <jak@debian.org> 2017-07-01 15:51:55 +0200
committer: Julian Andres Klode <jak@debian.org> 2017-07-01 15:51:55 +0200
commit: 9a34c8557ac02e691bc66a5313103569a5e646ac (patch)
tree: 605da388bd63513f2379fc17b40a8970a6d69ffe /methods
parent: 3be04d30cbb801777dce9d3e46c19722ab480b14 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/methods/connect.cc b/methods/connect.cc
index 97057286e..e8c873adf 100644
--- a/methods/connect.cc
+++ b/methods/connect.cc
@@ -733,9 +733,9 @@ bool UnwrapTLS(std::string Host, std::unique_ptr<MethodFd> &Fd,
    if ((err = gnutls_set_default_priority(tlsFd->session)) < 0)
       return _error->Error("Could not set algorithm preferences: %s", gnutls_strerror(err));
 
-   if (Owner->ConfigFindB("Verify-Peer", true) || Owner->ConfigFindB("Verify-Host", true))
+   if (Owner->ConfigFindB("Verify-Peer", true))
    {
-      gnutls_session_set_verify_cert(tlsFd->session, tlsFd->hostname.c_str(), 0);
+      gnutls_session_set_verify_cert(tlsFd->session, Owner->ConfigFindB("Verify-Host", true) ? tlsFd->hostname.c_str() : nullptr, 0);
    }
    if ((err = gnutls_server_name_set(tlsFd->session, GNUTLS_NAME_DNS, tlsFd->hostname.c_str(), tlsFd->hostname.length())) < 0)
       return _error->Error("Could not set SNI name: %s", gnutls_strerror(err));
author	Julian Andres Klode <jak@debian.org>	2017-07-01 15:51:55 +0200
committer	Julian Andres Klode <jak@debian.org>	2017-07-01 15:51:55 +0200
commit	9a34c8557ac02e691bc66a5313103569a5e646ac (patch)
tree	605da388bd63513f2379fc17b40a8970a6d69ffe /methods
parent	3be04d30cbb801777dce9d3e46c19722ab480b14 (diff)