libfetch: fix certificate host name check

OpenSSL allows passing zero-length to indicate "use strlen". LibreSSL requires using the real length always, so pass the length.
alpinelinux · Oct 6, 2017 · 0d814ba · 0d814ba
1 parent eb8f44d
commit 0d814ba
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/libfetch/common.c b/libfetch/common.c
@@ -541,7 +541,7 @@ fetch_ssl(conn_t *conn, const struct url *URL, int verbose)
  if (getenv("SSL_NO_VERIFY_HOSTNAME") == NULL) {
  if (verbose)
  fetch_info("Verify hostname");
- if (X509_check_host(conn->ssl_cert, URL->host, 0,
+ if (X509_check_host(conn->ssl_cert, URL->host, strlen(URL->host),
  X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS,
  NULL) != 1) {
  fprintf(stderr, "SSL certificate subject doesn't match host %s\n",