summaryrefslogtreecommitdiff
path: root/cpp/src/IceSSL/UWPTransceiverI.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'cpp/src/IceSSL/UWPTransceiverI.cpp')
-rw-r--r--cpp/src/IceSSL/UWPTransceiverI.cpp22
1 files changed, 20 insertions, 2 deletions
diff --git a/cpp/src/IceSSL/UWPTransceiverI.cpp b/cpp/src/IceSSL/UWPTransceiverI.cpp
index ca4bdc46afc..1f6eb168cd0 100644
--- a/cpp/src/IceSSL/UWPTransceiverI.cpp
+++ b/cpp/src/IceSSL/UWPTransceiverI.cpp
@@ -255,7 +255,10 @@ IceSSL::TransceiverI::startWrite(IceInternal::Buffer& buf)
//
stream->Control->IgnorableServerCertificateErrors->Append(ChainValidationResult::Expired);
stream->Control->IgnorableServerCertificateErrors->Append(ChainValidationResult::IncompleteChain);
- if(!_engine->getCheckCertName())
+ //
+ // Check if we need to enable host name verification
+ //
+ if(!_engine->getCheckCertName() || _host.empty())
{
stream->Control->IgnorableServerCertificateErrors->Append(ChainValidationResult::InvalidName);
}
@@ -293,7 +296,22 @@ IceSSL::TransceiverI::finishWrite(IceInternal::Buffer& buf)
{
if(CERT_E_CN_NO_MATCH == asyncInfo->error)
{
- throw SecurityException(__FILE__, __LINE__, "Hostname mismatch");
+ ostringstream ostr;
+ ostr << "IceSSL: certificate validation failure: "
+ << (IceInternal::isIpAddress(_host) ? "IP address mismatch" : "Hostname mismatch");
+ string msg = ostr.str();
+ if(_engine->securityTraceLevel() >= 1)
+ {
+ Trace out(_logger, _securityTraceCategory);
+ out << msg;
+ }
+
+ if(_engine->getVerifyPeer() > 0)
+ {
+ SecurityException ex(__FILE__, __LINE__);
+ ex.reason = msg;
+ throw ex;
+ }
}
IceInternal::checkErrorCode(__FILE__, __LINE__, asyncInfo->error);
}
generated by cgit v1.2.3 (git 2.46.0) at 2025-08-03 20:01:34 +0000