libfetch: fix certificate host name check

OpenSSL allows passing zero-length to indicate "use strlen". LibreSSL requires using the real length always, so pass the length.
2017-10-06 18:09:37 +03:00 · 2017-10-06 18:09:37 +03:00 · 0d814ba35b
parent eb8f44d629
commit 0d814ba35b
1 changed files with 1 additions and 1 deletions
--- a/libfetch/common.c
+++ b/libfetch/common.c
@ -541,7 +541,7 @@ fetch_ssl(conn_t *conn, const struct url *URL, int verbose)
 	if (getenv("SSL_NO_VERIFY_HOSTNAME") == NULL) {
 		if (verbose)
 			fetch_info("Verify hostname");
-		if (X509_check_host(conn->ssl_cert, URL->host, 0,
+		if (X509_check_host(conn->ssl_cert, URL->host, strlen(URL->host),
 				X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS,
 				NULL) != 1) {
 			fprintf(stderr, "SSL certificate subject doesn't match host %s\n",