• Timothy B. Terriberry's avatar
    Make SSL/TLS certificate checking actually work. · a7c5b93c
    Timothy B. Terriberry authored
    We weren't loading the default certificate store, so there were no
     trusted certificates to validate hosts with, and all checks would
     fail (unless explicitly disabled with
     OP_SSL_SKIP_CERTIFICATE_CHECK(0)).
    This adds that call, and also adds hostname verification (which
     OpenSSL does not do for us, because they are morons).
    I've done my best to get the latter right by reading the RFCs, but
     this stuff is complex, it's easy to make mistakes, and I only have
     a limited ability to test it, so caveat emptor.
    a7c5b93c
http.c 112 KB