OpenSSL: use failf() when subjectAltName mismatches

Write to CURLOPT_ERRORBUFFER information about mismatch alternative certificate subject names. Signed-off-by: Andrej E Baranov <admin@andrej-andb.ru>
2024-12-09 06:30:06 +08:00 · 2013-10-13 01:02:03 +02:00 · 2013-10-13 01:02:03 +02:00 · 39beaa5ffb
commit 39beaa5ffb
parent 5df04bfafd
1 changed files with 2 additions and 0 deletions
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@ -1192,6 +1192,8 @@ static CURLcode verifyhost(struct connectdata *conn,
    /* an alternative name field existed, but didn't match and then
       we MUST fail */
    infof(data, "\t subjectAltName does not match %s\n", conn->host.dispname);
+    failf(data, "SSL: alternative certificate subject names does not match "
+            "target host name '%s'", conn->host.dispname);
    res = CURLE_PEER_FAILED_VERIFICATION;
  }
  else {