diff --git a/src/Curl/Easy.jl b/src/Curl/Easy.jl index 0ac9fc1..c143fdd 100644 --- a/src/Curl/Easy.jl +++ b/src/Curl/Easy.jl @@ -76,7 +76,6 @@ set_url(easy::Easy, url::AbstractString) = set_url(easy, String(url)) function set_ssl_verify(easy::Easy, verify::Bool) setopt(easy, CURLOPT_SSL_VERIFYPEER, verify) - setopt(easy, CURLOPT_SSL_VERIFYHOST, verify*2) end function set_ssh_verify(easy::Easy, verify::Bool) diff --git a/test/runtests.jl b/test/runtests.jl index 8151d1a..e52892b 100644 --- a/test/runtests.jl +++ b/test/runtests.jl @@ -403,13 +403,14 @@ include("setup.jl") end end + save_env = get(ENV, "JULIA_SSL_NO_VERIFY_HOSTS", nothing) + delete!(ENV, "JULIA_SSL_NO_VERIFY_HOSTS") + @testset "bad TLS" begin - save_env = get(ENV, "JULIA_SSL_NO_VERIFY_HOSTS", nothing) urls = [ "https://wrong.host.badssl.com" "https://untrusted-root.badssl.com" ] - ENV["JULIA_SSL_NO_VERIFY_HOSTS"] = nothing @testset "bad TLS is rejected" for url in urls resp = request(url, throw=false) @test resp isa RequestError @@ -449,11 +450,26 @@ include("setup.jl") @test resp isa Response @test resp.status == 200 end - if save_env !== nothing - ENV["JULIA_SSL_NO_VERIFY_HOSTS"] = save_env - else - delete!(ENV, "JULIA_SSL_NO_VERIFY_HOSTS") - end + delete!(ENV, "JULIA_SSL_NO_VERIFY_HOSTS") + end + + @testset "SNI required" begin + url = "https://juliahub.com" # anything served by CloudFront + # secure verified host request + resp = request(url, throw=false, downloader=Downloader()) + @test resp isa Response + @test resp.status == 200 + # insecure unverified host request + ENV["JULIA_SSL_NO_VERIFY_HOSTS"] = "**" + resp = request(url, throw=false, downloader=Downloader()) + @test resp isa Response + @test resp.status == 200 + end + + if save_env !== nothing + ENV["JULIA_SSL_NO_VERIFY_HOSTS"] = save_env + else + delete!(ENV, "JULIA_SSL_NO_VERIFY_HOSTS") end @__MODULE__() == Main && @testset "ftp download" begin