require Host if SSL is used despite Tunnel

This commit is contained in:
Oswald Buddenhagen 2014-07-27 18:10:26 +02:00
parent 7ce57b9c00
commit 7822bd8a91
2 changed files with 7 additions and 4 deletions

View File

@ -238,8 +238,9 @@ Define the IMAP4 Account \fIname\fR, opening a section for its parameters.
\fBHost\fR \fIhost\fR
Specify the DNS name or IP address of the IMAP server.
.br
If \fBTunnel\fR is used, this setting is used only for SSL host certificate
verification, if provided.
If \fBTunnel\fR is used, this setting is needed only if \fBSSLType\fR is
not \fINone\fR and \fBCertificateFile\fR is not used,
in which case the host name is used for certificate subject verification.
..
.TP
\fBPort\fR \fIport\fR

View File

@ -177,8 +177,10 @@ verify_cert_host( const server_conf_t *conf, conn_t *sock )
return -1;
}
if (!conf->host)
return 0; /* SSL on top of a tunnel, no host specified. */
if (!conf->host) {
error( "SSL error connecting %s: Neither host nor matching certificate specified\n", sock->name );
return -1;
}
return verify_hostname( cert, conf->host );
}