Home Explore Help
Sign In
noah
/
isync
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

require Host if SSL is used despite Tunnel

Oswald Buddenhagen 11 years ago
parent
7ce57b9c00
commit
7822bd8a91
2 changed files with 7 additions and 4 deletions
Unified View Show Diff Stats
  1. 3 2
      src/mbsync.1
  2. 4 2
      src/socket.c

+ 3 - 2
src/mbsync.1
View File 

@@ -238,8 +238,9 @@ Define the IMAP4 Account \fIname\fR, opening a section for its parameters.
 
 \fBHost\fR \fIhost\fR
 
 \fBHost\fR \fIhost\fR
 
 Specify the DNS name or IP address of the IMAP server.
 
 Specify the DNS name or IP address of the IMAP server.
 
 .br
 
 .br
 
-If \fBTunnel\fR is used, this setting is used only for SSL host certificate
 
-verification, if provided.
 
+If \fBTunnel\fR is used, this setting is needed only if \fBSSLType\fR is
 
+not \fINone\fR and \fBCertificateFile\fR is not used,
 
+in which case the host name is used for certificate subject verification.
 
 ..
 
 ..
 
 .TP
 
 .TP
 
 \fBPort\fR \fIport\fR
 
 \fBPort\fR \fIport\fR

+ 4 - 2
src/socket.c
View File 

@@ -177,8 +177,10 @@ verify_cert_host( const server_conf_t *conf, conn_t *sock )
 
 		return -1;
 
 		return -1;
 
 	}
 
 	}
 
 
 
-	if (!conf->host)
 
-		return 0; /* SSL on top of a tunnel, no host specified. */
 
+	if (!conf->host) {
 
+		error( "SSL error connecting %s: Neither host nor matching certificate specified\n", sock->name );
 
+		return -1;
 
+	}
 
 
 
 	return verify_hostname( cert, conf->host );
 
 	return verify_hostname( cert, conf->host );
 
 }
 
 }