Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

proxy peer verification, use correct type #12931

Closed
wants to merge 3 commits into from
Closed

proxy peer verification, use correct type #12931

wants to merge 3 commits into from

Conversation

icing
Copy link
Contributor

@icing icing commented Feb 13, 2024

@icing
proxy peer verification, use correct type
b488345 
- refs curl#12831
- when verifying a proxy certificate for an ip address, use
  the correct ip family. That may be different from the
  "connection" ip family.
@icing icing mentioned this pull request Feb 13, 2024
Closed
jay
jay reviewed Feb 15, 2024
View reviewed changes
lib/vtls/vtls.c Outdated
peer->is_ip_address = is_ip_address(peer->hostname)? TRUE : FALSE;
if(peer->hostname[0] && !peer->is_ip_address) {
peer->type = get_peer_type(peer->hostname);
if(peer->type == CURL_SSL_PEER_DNS) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I notice you removed the 0 length hostname check for SNI, I assume because it's not possible

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch. I re-added the check. I believe is is not necessary, but stranger things have happened before. Added a DEBUGASSERT to catch those situations in debug builds.

@icing
re-add the check for hostname being the empty string
d42f5d4 
- check when making the SNI, as was done before
- add a DEBUGASSERT, since this should not happen
@jay jay closed this in e87751d Feb 16, 2024
@jay
Copy link
Member

jay commented Feb 16, 2024

Thanks. I removed the comments above the DEBUGASSERT because it's implied in the assert.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jay jay jay left review comments

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@icing @jay