Merge branch 'js/imap-send-peer-cert-verify'

* js/imap-send-peer-cert-verify: imap-send: explicitly verify the peer certificate
2025-04-07 14:23:20 -07:00 · 2025-04-07 14:23:20 -07:00 · 7b420ef2c0
parent 45e31f0bac fa8cd29676
commit 7b420ef2c0
1 changed files with 2 additions and 0 deletions
--- a/imap-send.c
+++ b/imap-send.c
@ -324,6 +324,8 @@ static int ssl_socket_connect(struct imap_socket *sock,
 		cert = SSL_get_peer_certificate(sock->ssl);
 		if (!cert)
 			return error("unable to get peer certificate.");
+		if (SSL_get_verify_result(sock->ssl) != X509_V_OK)
+			return error("unable to verify peer certificate");
 		if (verify_hostname(cert, cfg->host) < 0)
 			return -1;
 	}