You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
#60 enabled hostname verification by default, as many applications using SSLSockets directly don't know or remember to call post_connection_check.
One unexpected outcome is if an application implements a verify_callback and verification fails, then it is called with preverify_ok=false, but the store_context.error=0 which is OpenSSL::X509::V_OK! This could cause problems if an application assumes store_context.error == 0 means verification succeeded.
If a hostname mismatch is detected, I would expect store_context.error to be set to OpenSSL::X509::V_ERR_CERT_REJECTED so that there is no chance of confusion.