Merge pull request #114 from JuliaLang/sk/no-verify-peer-only

unverified HTTPS: don't set CURLOPT_SSL_VERIFYHOST=0
JuliaLang · Apr 21, 2021 · 6bddc0b · 6bddc0b
2 parents db1d8d5 + 86e52d7
commit 6bddc0b
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 8 deletions.
diff --git a/src/Curl/Easy.jl b/src/Curl/Easy.jl
@@ -76,7 +76,6 @@ set_url(easy::Easy, url::AbstractString) = set_url(easy, String(url))
 
 function set_ssl_verify(easy::Easy, verify::Bool)
     setopt(easy, CURLOPT_SSL_VERIFYPEER, verify)
-    setopt(easy, CURLOPT_SSL_VERIFYHOST, verify*2)
 end
 
 function set_ssh_verify(easy::Easy, verify::Bool)

diff --git a/test/runtests.jl b/test/runtests.jl
@@ -403,13 +403,14 @@ include("setup.jl")
         end
     end
 
+    save_env = get(ENV, "JULIA_SSL_NO_VERIFY_HOSTS", nothing)
+    delete!(ENV, "JULIA_SSL_NO_VERIFY_HOSTS")
+
     @testset "bad TLS" begin
-        save_env = get(ENV, "JULIA_SSL_NO_VERIFY_HOSTS", nothing)
         urls = [
             "https://wrong.host.badssl.com"
             "https://untrusted-root.badssl.com"
         ]
-        ENV["JULIA_SSL_NO_VERIFY_HOSTS"] = nothing
         @testset "bad TLS is rejected" for url in urls
             resp = request(url, throw=false)
             @test resp isa RequestError
@@ -449,11 +450,26 @@ include("setup.jl")
             @test resp isa Response
             @test resp.status == 200
         end
-        if save_env !== nothing
-            ENV["JULIA_SSL_NO_VERIFY_HOSTS"] = save_env
-        else
-            delete!(ENV, "JULIA_SSL_NO_VERIFY_HOSTS")
-        end
+        delete!(ENV, "JULIA_SSL_NO_VERIFY_HOSTS")
+    end
+
+    @testset "SNI required" begin
+        url = "https://juliahub.com" # anything served by CloudFront
+        # secure verified host request
+        resp = request(url, throw=false, downloader=Downloader())
+        @test resp isa Response
+        @test resp.status == 200
+        # insecure unverified host request
+        ENV["JULIA_SSL_NO_VERIFY_HOSTS"] = "**"
+        resp = request(url, throw=false, downloader=Downloader())
+        @test resp isa Response
+        @test resp.status == 200
+    end
+
+    if save_env !== nothing
+        ENV["JULIA_SSL_NO_VERIFY_HOSTS"] = save_env
+    else
+        delete!(ENV, "JULIA_SSL_NO_VERIFY_HOSTS")
     end
 
     @__MODULE__() == Main && @testset "ftp download" begin