Skip to content

Commit 6bddc0b

Browse files
StefanKarpinskiStefanKarpinski
authored
Merge pull request #114 from JuliaLang/sk/no-verify-peer-only
unverified HTTPS: don't set CURLOPT_SSL_VERIFYHOST=0
2 parents db1d8d5 + 86e52d7 commit 6bddc0b

File tree

2 files changed

+23
-8
lines changed

2 files changed

+23
-8
lines changed

src/Curl/Easy.jl

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -76,7 +76,6 @@ set_url(easy::Easy, url::AbstractString) = set_url(easy, String(url))
7676

7777
function set_ssl_verify(easy::Easy, verify::Bool)
7878
setopt(easy, CURLOPT_SSL_VERIFYPEER, verify)
79-
setopt(easy, CURLOPT_SSL_VERIFYHOST, verify*2)
8079
end
8180

8281
function set_ssh_verify(easy::Easy, verify::Bool)

test/runtests.jl

Lines changed: 23 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -403,13 +403,14 @@ include("setup.jl")
403403
end
404404
end
405405

406+
save_env = get(ENV, "JULIA_SSL_NO_VERIFY_HOSTS", nothing)
407+
delete!(ENV, "JULIA_SSL_NO_VERIFY_HOSTS")
408+
406409
@testset "bad TLS" begin
407-
save_env = get(ENV, "JULIA_SSL_NO_VERIFY_HOSTS", nothing)
408410
urls = [
409411
"https://wrong.host.badssl.com"
410412
"https://untrusted-root.badssl.com"
411413
]
412-
ENV["JULIA_SSL_NO_VERIFY_HOSTS"] = nothing
413414
@testset "bad TLS is rejected" for url in urls
414415
resp = request(url, throw=false)
415416
@test resp isa RequestError
@@ -449,11 +450,26 @@ include("setup.jl")
449450
@test resp isa Response
450451
@test resp.status == 200
451452
end
452-
if save_env !== nothing
453-
ENV["JULIA_SSL_NO_VERIFY_HOSTS"] = save_env
454-
else
455-
delete!(ENV, "JULIA_SSL_NO_VERIFY_HOSTS")
456-
end
453+
delete!(ENV, "JULIA_SSL_NO_VERIFY_HOSTS")
454+
end
455+
456+
@testset "SNI required" begin
457+
url = "https://juliahub.com" # anything served by CloudFront
458+
# secure verified host request
459+
resp = request(url, throw=false, downloader=Downloader())
460+
@test resp isa Response
461+
@test resp.status == 200
462+
# insecure unverified host request
463+
ENV["JULIA_SSL_NO_VERIFY_HOSTS"] = "**"
464+
resp = request(url, throw=false, downloader=Downloader())
465+
@test resp isa Response
466+
@test resp.status == 200
467+
end
468+
469+
if save_env !== nothing
470+
ENV["JULIA_SSL_NO_VERIFY_HOSTS"] = save_env
471+
else
472+
delete!(ENV, "JULIA_SSL_NO_VERIFY_HOSTS")
457473
end
458474

459475
@__MODULE__() == Main && @testset "ftp download" begin

0 commit comments

Comments
 (0)