Change #260099
| Category | None |
| Changed by | Stefan Eissing <stefan@eissing.org> |
| Changed at | Fri 06 Mar 2026 22:42:40 |
| Repository | https://api.github.com/repos/curl/curl |
| Project | curl/curl |
| Branch | master |
| Revision | 3c007d6351da59c00ba71bea73f231ac9be1c68b |
Comments
openssl+ech: workaround for insecure handshakes OpenSSL 4.0.0-dev supports ECH with one flaw. If peer verification is not enabled, it will report SSL_ECH_STATUS_BAD_NAME on the ECH status. Provide a workaround in libcurl that checks the inner name used in ECH was the peer's hostname, both verify peer and host are disabled and then accept the BAD_NAME without failing the connect. Fixes #20655 Reported-by: Dexter Gerig Closes #20821
Changed files
- lib/vtls/openssl.c