diff options
| author | Jaakko Keränen <jaakko.keranen@iki.fi> | 2021-03-26 11:14:57 +0200 |
|---|---|---|
| committer | Jaakko Keränen <jaakko.keranen@iki.fi> | 2021-03-26 11:14:57 +0200 |
| commit | 1e5dfdc840824723dfa142707aca1f0fca4c0056 (patch) | |
| tree | 1b2c10b7529381754383e7f0140971f26557263a /src/gmrequest.c | |
| parent | 2740b24b1ff0c6c5363303fcc35028d471c1ce0e (diff) | |
GmCerts: Relaxed domain verification
Allow a certificate for a higher-level domain to be verified against any subdomains, i.e., implicitly assume every certificate uses wildcards.
CA verification is still done separately, and OpenSSL does that strictly as before.
Diffstat (limited to 'src/gmrequest.c')
| -rw-r--r-- | src/gmrequest.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/gmrequest.c b/src/gmrequest.c index f065f935..c968990c 100644 --- a/src/gmrequest.c +++ b/src/gmrequest.c | |||
| @@ -157,7 +157,7 @@ static void checkServerCertificate_GmRequest_(iGmRequest *d) { | |||
| 157 | if (!isExpired_TlsCertificate(cert)) { | 157 | if (!isExpired_TlsCertificate(cert)) { |
| 158 | resp->certFlags |= timeVerified_GmCertFlag; | 158 | resp->certFlags |= timeVerified_GmCertFlag; |
| 159 | } | 159 | } |
| 160 | if (verifyDomain_TlsCertificate(cert, domain)) { | 160 | if (verifyDomain_GmCerts(cert, domain)) { |
| 161 | resp->certFlags |= domainVerified_GmCertFlag; | 161 | resp->certFlags |= domainVerified_GmCertFlag; |
| 162 | } | 162 | } |
| 163 | if (checkTrust_GmCerts(d->certs, domain, cert)) { | 163 | if (checkTrust_GmCerts(d->certs, domain, cert)) { |