luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
b03f01742d
curl/lib
History
Jay Satiro d58ba66eec mbedtls: Fix pinned key return value on fail 
- Switch from verifying a pinned public key in a callback during the
certificate verification to inline after the certificate verification.

The callback method had three problems:

1. If a pinned public key didn't match, CURLE_SSL_PINNEDPUBKEYNOTMATCH
was not returned.

2. If peer certificate verification was disabled the pinned key
verification did not take place as it should.

3. (related to #2) If there was no certificate of depth 0 the callback
would not have checked the pinned public key.

Though all those problems could have been fixed it would have made the
code more complex. Instead we now verify inline after the certificate
verification in mbedtls_connect_step2.

Ref: http://curl.haxx.se/mail/lib-2016-01/0047.html
Ref: https://github.com/bagder/curl/pull/601
2016-01-18 03:48:10 -05:00
..
vtls
.gitignore
amigaos.c
amigaos.h
arpa_telnet.h
asyn-ares.c
asyn-thread.c
asyn.h
base64.c
checksrc.pl
checksrc.whitelist
CMakeLists.txt
config-amigaos.h
config-dos.h
config-mac.h
config-os400.h
config-riscos.h
config-symbian.h
config-tpf.h
config-vxworks.h
config-win32.h
config-win32ce.h
conncache.c
conncache.h
connect.c
connect.h
content_encoding.c
content_encoding.h
cookie.c
cookie.h
curl_addrinfo.c
curl_addrinfo.h
curl_base64.h
curl_config.h.cmake
curl_des.c
curl_des.h
curl_endian.c
curl_endian.h
curl_fnmatch.c
curl_fnmatch.h
curl_gethostname.c
curl_gethostname.h
curl_gssapi.c
curl_gssapi.h
curl_hmac.h
curl_ldap.h
curl_md4.h
curl_md5.h
curl_memory.h
curl_memrchr.c
curl_memrchr.h
curl_multibyte.c
curl_multibyte.h
curl_ntlm_core.c
curl_ntlm_core.h
curl_ntlm_msgs.c
curl_ntlm_msgs.h
curl_ntlm_wb.c
curl_ntlm_wb.h
curl_ntlm.c
curl_ntlm.h
curl_printf.h
curl_rtmp.c
curl_rtmp.h
curl_sasl_gssapi.c
curl_sasl_sspi.c
curl_sasl.c
curl_sasl.h
curl_sec.h
curl_setup_once.h
curl_setup.h
curl_sspi.c
curl_sspi.h
curl_threads.c
curl_threads.h
curlx.h
dict.c
dict.h
dotdot.c
dotdot.h
easy.c
easyif.h
escape.c
escape.h
file.c
file.h
fileinfo.c
fileinfo.h
firefox-db2pem.sh
formdata.c
formdata.h
ftp.c
ftp.h
ftplistparser.c
ftplistparser.h
getenv.c
getinfo.c
getinfo.h
gopher.c
gopher.h
hash.c
hash.h
hmac.c
hostasyn.c
hostcheck.c
hostcheck.h
hostip4.c
hostip6.c
hostip.c
hostip.h
hostsyn.c
http2.c
http2.h
http_chunks.c
http_chunks.h
http_digest.c
http_digest.h
http_negotiate_sspi.c
http_negotiate.c
http_negotiate.h
http_proxy.c
http_proxy.h
http.c
http.h
idn_win32.c
if2ip.c
if2ip.h
imap.c
imap.h
inet_ntop.c
inet_ntop.h
inet_pton.c
inet_pton.h
krb5.c
ldap.c
libcurl.def
libcurl.plist
libcurl.rc
libcurl.vers.in
llist.c
llist.h
Makefile.am
makefile.amiga
Makefile.b32
makefile.dj
Makefile.inc
Makefile.m32
Makefile.netware
Makefile.vc6
Makefile.vxworks
Makefile.Watcom
md4.c
md5.c
memdebug.c
memdebug.h
mk-ca-bundle.pl
mk-ca-bundle.vbs
mprintf.c
multi.c
multihandle.h
multiif.h
netrc.c
netrc.h
non-ascii.c
non-ascii.h
nonblock.c
nonblock.h
nwlib.c
nwos.c
objnames-test08.sh
objnames-test10.sh
objnames.inc
openldap.c
parsedate.c
parsedate.h
pingpong.c
pingpong.h
pipeline.c
pipeline.h
pop3.c
pop3.h
progress.c
progress.h
rawstr.c
rawstr.h
rtsp.c
rtsp.h
security.c
select.c
select.h
sendf.c
sendf.h
setup-os400.h
setup-vms.h
share.c
share.h
sigpipe.h
slist.c
slist.h
smb.c
smb.h
smtp.c
smtp.h
sockaddr.h build: fix circular header inclusion with other packages 2013-01-09 00:49:50 +01:00
socks_gssapi.c
socks_sspi.c
socks.c
socks.h
speedcheck.c
speedcheck.h
splay.c
splay.h
ssh.c
ssh.h
strdup.c
strdup.h
strequal.c
strequal.h
strerror.c
strerror.h
strtok.c
strtok.h
strtoofft.c
strtoofft.h
telnet.c
telnet.h
tftp.c
tftp.h
timeval.c
timeval.h
transfer.c
transfer.h
url.c
url.h
urldata.h
version.c
warnless.c
warnless.h
wildcard.c
wildcard.h
x509asn1.c
x509asn1.h