Merge branch 'js/imap-send-peer-cert-verify'

* js/imap-send-peer-cert-verify: imap-send: explicitly verify the peer certificate
author: Junio C Hamano <gitster@pobox.com> 2025-04-07 14:23:20 -0700
committer: Junio C Hamano <gitster@pobox.com> 2025-04-07 14:23:20 -0700
commit: 7b420ef2c0ce6393d0db2df5943405a982085e1c (patch)
tree: 8c23e42e520dfed353e51aa99b143c5baeea9eb4
parent: Merge branch 'js/mingw-admins-are-special' (diff)
parent: imap-send: explicitly verify the peer certificate (diff)
download: git-7b420ef2c0ce6393d0db2df5943405a982085e1c.tar.gz
git-7b420ef2c0ce6393d0db2df5943405a982085e1c.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/imap-send.c b/imap-send.c
index 6c8f84e836..27dc033c7f 100644
--- a/imap-send.c
+++ b/imap-send.c
@@ -324,6 +324,8 @@ static int ssl_socket_connect(struct imap_socket *sock,
 		cert = SSL_get_peer_certificate(sock->ssl);
 		if (!cert)
 			return error("unable to get peer certificate.");
+		if (SSL_get_verify_result(sock->ssl) != X509_V_OK)
+			return error("unable to verify peer certificate");
 		if (verify_hostname(cert, cfg->host) < 0)
 			return -1;
 	}
author	Junio C Hamano <gitster@pobox.com>	2025-04-07 14:23:20 -0700
committer	Junio C Hamano <gitster@pobox.com>	2025-04-07 14:23:20 -0700
commit	7b420ef2c0ce6393d0db2df5943405a982085e1c (patch)
tree	8c23e42e520dfed353e51aa99b143c5baeea9eb4
parent	Merge branch 'js/mingw-admins-are-special' (diff)
parent	imap-send: explicitly verify the peer certificate (diff)
download	git-7b420ef2c0ce6393d0db2df5943405a982085e1c.tar.gz git-7b420ef2c0ce6393d0db2df5943405a982085e1c.zip