forked from pool/rsync
Pedro Monreal Gonzalez
4bbb3e29bd
- Security fix: [bsc#1176160, CVE-2020-14387] * rsync-ssl: Verify the hostname in the certificate when using openssl. - Add rsync-CVE-2020-14387.patch OBS-URL: https://build.opensuse.org/request/show/832048 OBS-URL: https://build.opensuse.org/package/show/network/rsync?expand=0&rev=82
16 lines
836 B
Diff
16 lines
836 B
Diff
X-Git-Url: http://git.samba.org/?p=rsync.git;a=blobdiff_plain;f=rsync-ssl;h=46701af160ecff16680b30faf6a1f325fac62359;hp=8101975ac6ef1e9e683e6658a61e49fbe02c5f52;hb=c3f7414;hpb=4c4fce51072c9189cfb11b52aa54fed79f5741bd
|
|
|
|
diff --git a/rsync-ssl b/rsync-ssl
|
|
index 8101975a..46701af1 100755
|
|
--- a/rsync-ssl
|
|
+++ b/rsync-ssl
|
|
@@ -129,7 +129,7 @@ function rsync_ssl_helper {
|
|
fi
|
|
|
|
if [[ $RSYNC_SSL_TYPE == openssl ]]; then
|
|
- exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -connect $hostname:$port
|
|
+ exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -verify_hostname $hostname -connect $hostname:$port
|
|
elif [[ $RSYNC_SSL_TYPE == gnutls ]]; then
|
|
exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt $gnutls_opts $hostname:$port
|
|
else
|