From 66328f97b571eb7a76e50459d124ead97b945274 Mon Sep 17 00:00:00 2001
From: Tomas Babej
Date: Sat, 18 Feb 2017 20:21:30 +0100
Subject: [PATCH] TLSClient: Respect 'allow all' and 'ignore hostname' trust settings
---
 src/TLSClient.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/TLSClient.cpp b/src/TLSClient.cpp
index 822bdafeb..88e450ff0 100644
--- a/src/TLSClient.cpp
+++ b/src/TLSClient.cpp
@@ -208,7 +208,11 @@ void TLSClient::connect (const std::string& host, const std::string& port)
 int ret;
 #if GNUTLS_VERSION_NUMBER >= 0x030406
- gnutls_session_set_verify_cert (_session, _host.c_str (), 0); // 3.4.6
+ // For _trust == TLSClient::allow_all we perform no action
+ if (_trust == TLSClient::ignore_hostname)
+ gnutls_session_set_verify_cert (_session, NULL, 0); // 3.4.6
+ else if (_trust == TLSClient::strict)
+ gnutls_session_set_verify_cert (_session, _host.c_str (), 0); // 3.4.6
 #endif
 // SNI. Only permitted when _host is a DNS name, not an IPv4/6 address.
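Review bot: The last branch, `else if (_trust == TLSClient::strict)`, makes certificate verification opt-in. Any `_trust` value other than the two tested ones (an unset member, or a trust level added later) reaches `#endif` with no `gnutls_session_set_verify_cert` call, so on this code path the peer certificate is not checked at all. Making strict the fallback keeps the failure closed: write the last branch as `else if (_trust != TLSClient::allow_all)` so that only an explicit `allow_all` skips verification. The existing comment would also serve readers better if it stated the consequence, for example `// allow_all: peer certificate is not verified, so the server is unauthenticated`. The rest of `connect` and the place where `_trust` is assigned are outside the hunk, so whether another verification hook covers the fall-through case cannot be confirmed from here.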