Browse Source

require Host if SSL is used despite Tunnel

wip/server-refactor
Oswald Buddenhagen 11 years ago
parent
commit
7822bd8a91
  1. 5
      src/mbsync.1
  2. 6
      src/socket.c

5
src/mbsync.1

@ -238,8 +238,9 @@ Define the IMAP4 Account \fIname\fR, opening a section for its parameters.
\fBHost\fR \fIhost\fR
Specify the DNS name or IP address of the IMAP server.
.br
If \fBTunnel\fR is used, this setting is used only for SSL host certificate
verification, if provided.
If \fBTunnel\fR is used, this setting is needed only if \fBSSLType\fR is
not \fINone\fR and \fBCertificateFile\fR is not used,
in which case the host name is used for certificate subject verification.
..
.TP
\fBPort\fR \fIport\fR

6
src/socket.c

@ -177,8 +177,10 @@ verify_cert_host( const server_conf_t *conf, conn_t *sock )
return -1;
}
if (!conf->host)
return 0; /* SSL on top of a tunnel, no host specified. */
if (!conf->host) {
error( "SSL error connecting %s: Neither host nor matching certificate specified\n", sock->name );
return -1;
}
return verify_hostname( cert, conf->host );
}

Loading…
Cancel
Save