rsync-ssl: Verify the hostname in the certificate when using openssl.

author Matt McCutchen <matt@mattmccutchen.net>

Wed, 26 Aug 2020 16:16:08 +0000 (12:16 -0400)

committer Wayne Davison <wayne@opencoder.net>

Wed, 26 Aug 2020 21:07:02 +0000 (14:07 -0700)
author Matt McCutchen <matt@mattmccutchen.net>
Wed, 26 Aug 2020 16:16:08 +0000 (12:16 -0400)
committer Wayne Davison <wayne@opencoder.net>
Wed, 26 Aug 2020 21:07:02 +0000 (14:07 -0700)
diff --git a/rsync-ssl b/rsync-ssl

index 8101975ac6ef1e9e683e6658a61e49fbe02c5f52..46701af160ecff16680b30faf6a1f325fac62359 100755 (executable)
--- a/rsync-ssl
+++ b/rsync-ssl
@@ -129,7 +129,7 @@ function rsync_ssl_helper {
      fi
  
      if [[ $RSYNC_SSL_TYPE == openssl ]]; then
-       exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -connect $hostname:$port
+       exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -verify_hostname $hostname -connect $hostname:$port
      elif [[ $RSYNC_SSL_TYPE == gnutls ]]; then
         exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt $gnutls_opts $hostname:$port
      else
author	Matt McCutchen <matt@mattmccutchen.net>
	Wed, 26 Aug 2020 16:16:08 +0000 (12:16 -0400)
committer	Wayne Davison <wayne@opencoder.net>
	Wed, 26 Aug 2020 21:07:02 +0000 (14:07 -0700)