commit 7822bd8a91515551458dfeb78eea02c4dd5ddb5f
parent 7ce57b9c00522d943a3e6109c9677366b8c5ec7d
Author: Oswald Buddenhagen <ossi@users.sf.net>
Date: Sun, 27 Jul 2014 18:10:26 +0200
require Host if SSL is used despite Tunnel
Diffstat:
2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/mbsync.1 b/src/mbsync.1
@@ -238,8 +238,9 @@ Define the IMAP4 Account \fIname\fR, opening a section for its parameters.
\fBHost\fR \fIhost\fR
Specify the DNS name or IP address of the IMAP server.
.br
-If \fBTunnel\fR is used, this setting is used only for SSL host certificate
-verification, if provided.
+If \fBTunnel\fR is used, this setting is needed only if \fBSSLType\fR is
+not \fINone\fR and \fBCertificateFile\fR is not used,
+in which case the host name is used for certificate subject verification.
..
.TP
\fBPort\fR \fIport\fR
diff --git a/src/socket.c b/src/socket.c
@@ -177,8 +177,10 @@ verify_cert_host( const server_conf_t *conf, conn_t *sock )
return -1;
}
- if (!conf->host)
- return 0; /* SSL on top of a tunnel, no host specified. */
+ if (!conf->host) {
+ error( "SSL error connecting %s: Neither host nor matching certificate specified\n", sock->name );
+ return -1;
+ }
return verify_hostname( cert, conf->host );
}