Change #246861
| Category | curl |
| Changed by | Stefan Eissing <stefan@eissing.org> |
| Changed at | Mon 27 Oct 2025 17:22:17 |
| Repository | https://github.com/curl/curl.git |
| Project | curl |
| Branch | master |
| Revision | 692c7f133e6f9a5053a87b1fffbf3c41697a7742 |
Comments
TLS: IP address verification, extend test Change the test certificate to carry a altname 'dns:127.0.0.1' which should *not* match in test_17_05_bad_ip_addr. wolfSSL: since `wolfSSL_check_domain_name()` does not differentiate between DNS and IP names, use if only for DNS names. For IP addresses, get the peer certificate after the handshake and check that using wolfSSL_X509_check_ip_asc(). Unfortunately, this succeeds where it should not, as wolfSSL internally used the same check code for both cases. So, skip the test case until wolfSSL fixes that. Reported-by: Joshua Rogers Closes #19252
Changed files
- lib/vquic/vquic-tls.c
- lib/vtls/wolfssl.c
- tests/http/test_02_download.py
- tests/http/test_07_upload.py
- tests/http/test_17_ssl_use.py
- tests/http/testenv/certs.py
- tests/http/testenv/env.py