From 9a34c8557ac02e691bc66a5313103569a5e646ac Mon Sep 17 00:00:00 2001
From: Julian Andres Klode
Date: Sat, 1 Jul 2017 15:51:55 +0200
Subject: Make Verify-Host and Verify-Peer independent again

We can actually just pass null as a hostname, so let's just do that when Verify-Host is set to false.
---
 methods/connect.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'methods/connect.cc')

diff --git a/methods/connect.cc b/methods/connect.cc
index 97057286e..e8c873adf 100644
--- a/methods/connect.cc
+++ b/methods/connect.cc
@@ -733,9 +733,9 @@ bool UnwrapTLS(std::string Host, std::unique_ptr &Fd,
 if ((err = gnutls_set_default_priority(tlsFd->session)) < 0)
 return _error->Error("Could not set algorithm preferences: %s", gnutls_strerror(err));

- if (Owner->ConfigFindB("Verify-Peer", true) || Owner->ConfigFindB("Verify-Host", true))
+ if (Owner->ConfigFindB("Verify-Peer", true))
 {
- gnutls_session_set_verify_cert(tlsFd->session, tlsFd->hostname.c_str(), 0);
+ gnutls_session_set_verify_cert(tlsFd->session, Owner->ConfigFindB("Verify-Host", true) ? tlsFd->hostname.c_str() : nullptr, 0);
 }
 if ((err = gnutls_server_name_set(tlsFd->session, GNUTLS_NAME_DNS, tlsFd->hostname.c_str(), tlsFd->hostname.length())) < 0)
 return _error->Error("Could not set SNI name: %s", gnutls_strerror(err));
-- 
cgit v1.2.3
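Review bot: With `Verify-Peer` set to false the new condition skips `gnutls_session_set_verify_cert` entirely, so a configuration of `Verify-Peer=false` with `Verify-Host=true`, which the old `||` turned into full verification, now gets no certificate check at all as far as this hunk shows. That silently weakens existing setups, so I would either emit a warning when `Verify-Host` is requested without `Verify-Peer` or state the dependency in a comment at the `if`. The ternary also buries the security-relevant case in a long argument list; consider hoisting it as `bool const VerifyHost = Owner->ConfigFindB("Verify-Host", true);` and adding `// nullptr: the chain is still validated, but the certificate name is not matched against the host`. UnwrapTLS starts and ends outside the hunk, so any handling elsewhere in the function is not visible here.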