{“lastseen”:”2026-06-26T14:36:52″,”description”:”## Summary\\n\\nWhen an application sets `CURLOPT_SSL_VERIFYPEER=0` while keeping\\n`CURLOPT_SSL_VERIFYHOST=2` (the default), the mbedTLS, wolfSSL, and rustls\\nTLS backends silently skip the hostname-vs-certificate check. The OpenSSL,\\nGnuTLS, and Schannel backends correctly preserve hostname checking under\\nthe same configuration.\\n\\n`docs\/libcurl\/opts\/CURLOPT_SSL_VERIFYPEER.md` lines 57-59 explicitly state:\\n\\n\\u003e *\\”The check that the host name in the certificate is valid for the\\n\\u003e hostname you are connecting to is **done independently of the\\n\\u003e CURLOPT_SSL_VERIFYPEER(3) option**.\\”*\\n\\nResult: an MITM holding any valid certificate (the CN does not need to\\nmatch the requested host) can intercept TLS sessions to any HTTPS target\\nwhen an application disables peer chain verification \u2014 a common pattern\\nwith self-signed \/ internal-CA deployments. `Authorization`, `Cookie`, and\\nPOST bodies all leak to the attacker.\\n\\n## Affected backends\\n\\n“`\\n$ src\/curl –version # all four built from the same source tree\\ncurl 8.21.1-DEV (x86_64-pc-linux-gnu) libcurl\/8.21.1-DEV OpenSSL\/3.5.6 \u2190 rc=60 (correct)\\ncurl 8.21.1-DEV (x86_64-pc-linux-gnu) libcurl\/8.21.1-DEV mbedTLS\/3.6.5 \u2190 rc=0 (BUG)\\ncurl 8.21.1-DEV (x86_64-pc-linux-gnu) libcurl\/8.21.1-DEV wolfSSL\/5.7.2 \u2190 rc=0 (BUG)\\ncurl 8.21.1-DEV (x86_64-pc-linux-gnu) libcurl\/8.21.1-DEV rustls-ffi\/0.15.3 \u2190 rc=0 (BUG)\\n“`\\n\\nAffected versions: **all curl releases through HEAD master** for the\\nmbedTLS, wolfSSL, and rustls backends. The mbedTLS code path traces to\\ncommit `88cae145509` (2024-08-17, \\”mbedtls: add more informative logging\\”),\\nshipped in 8.10.0 and unchanged through current master.\\n\\nThe relevant code sites:\\n\\n- **mbedTLS** \u2014 `lib\/vtls\/mbedtls.c::mbed_verify_cb`:\\n “`c\\n if(!conn_config-\\u003everifypeer)\\n *flags = 0; \/* clears CN_MISMATCH along with chain flags *\/\\n else if(!conn_config-\\u003everifyhost)\\n *flags \\u0026= ~MBEDTLS_X509_BADCERT_CN_MISMATCH;\\n “`\\n `*flags = 0` zeroes the entire mbedTLS verify-flag bitmap, including\\n `MBEDTLS_X509_BADCERT_CN_MISMATCH`. mbedTLS uses\\n `MBEDTLS_SSL_VERIFY_REQUIRED` and trusts whatever flags this callback\\n returns.\\n\\n- **wolfSSL** \u2014 `lib\/vtls\/wolfssl.c::Curl_wssl_ctx_init`:\\n “`c\\n wolfSSL_CTX_set_verify(wctx-\\u003essl_ctx, conn_config-\\u003everifypeer ?\\n WOLFSSL_VERIFY_PEER : WOLFSSL_VERIFY_NONE, NULL);\\n “`\\n When `verifypeer=0`, `WOLFSSL_VERIFY_NONE` makes wolfSSL skip the entire\\n certificate-validation pipeline including the hostname check registered\\n by `wolfSSL_check_domain_name` further down.\\n\\n- **rustls** \u2014 `lib\/vtls\/rustls.c::cr_init_backend` (line 1048-1050):\\n “`c\\n if(!conn_config-\\u003everifypeer) {\\n rustls_client_config_builder_dangerous_set_certificate_verifier(\\n config_builder, cr_verify_none);\\n }\\n “`\\n `cr_verify_none` (line 389) is a callback that returns `RUSTLS_RESULT_OK`\\n unconditionally. It replaces rustls’s default `ServerCertVerifier`, which\\n in rustls performs both chain validation **and** hostname matching against\\n the SNI value passed to `rustls_client_connection_new`. Replacing it\\n disables both at once.\\n\\n## Steps to reproduce\\n\\nA self-contained Docker reproduction package is attached\\n(`verifyhost-repro.tar.gz`). It pulls the latest curl source from\\n`github.com\/curl\/curl.git`, builds four libcurls from the same source tree\\n(OpenSSL, mbedTLS, wolfSSL, rustls backends), runs a TLS server presenting\\na wrong-CN certificate, and drives a libcurl client at all four backends.\\n\\n“`sh\\ntar xzf verifyhost-repro.tar.gz\\ncd docker\\n.\/build_and_run.sh\\n“`\\n\\n(Pass a tag\/branch\/SHA as arg to pin: `.\/build_and_run.sh curl-8_21_0`.)\\n\\nExpected output:\\n\\n“`\\n================================================================\\n curl source commit: \\u003cSHA from official curl\/curl repo\\u003e\\n OpenSSL curl –version: curl 8.21.1-DEV libcurl\/8.21.1-DEV OpenSSL\/3.5.6 …\\n mbedTLS curl –version: curl 8.21.1-DEV libcurl\/8.21.1-DEV mbedTLS\/3.6.5 …\\n wolfSSL curl –version: curl 8.21.1-DEV libcurl\/8.21.1-DEV wolfSSL\/5.7.2 …\\n rustls curl –version: curl 8.21.1-DEV libcurl\/8.21.1-DEV rustls-ffi\/0.15.3 …\\n================================================================\\n\\n============== OpenSSL backend (control) \u2014 expect rc=60 ==============\\n* SSL: certificate subject name ‘wrong.example.com’ does not match target hostname ‘target.example.com’\\n=== RESULT: rc=60 (SSL peer certificate or SSH remote key was not OK) ===\\n\\n============== mbedTLS backend \u2014 expect rc=0 (BUG) ==============\\n\\u003c HTTP\/1.1 200 OK\\n\\u003c Content-Length: 7\\n=== RESULT: rc=0 (No error) ===\\n\\n============== wolfSSL backend \u2014 expect rc=0 (BUG) ==============\\n\\u003c HTTP\/1.1 200 OK\\n=== RESULT: rc=0 (No error) ===\\n\\n============== rustls backend \u2014 expect rc=0 (BUG) ==============\\n\\u003c HTTP\/1.1 200 OK\\n=== RESULT: rc=0 (No error) ===\\n“`\\n\\nThe OpenSSL run is the control: same source tree, same flags, same PoC\\ncode \u2014 only the TLS backend differs. Its `rc=60` confirms that the PoC\\ncorrectly enforces `verifyhost=2` and that the `rc=0` on the other three\\nbackends is a backend defect, not a PoC mistake.\\n\\n## Files in the package\\n\\n- `Dockerfile` \u2014 Debian trixie + mbedTLS 3.6.5 + OpenSSL 3.x + wolfSSL 5.7.2 + rustls-ffi 0.15.3\\n- `build_and_run.sh` \u2014 wrapper: `docker build` then `docker run`\\n- `run.sh` \u2014 entrypoint inside container; drives all four scenarios\\n- `poc.c` \u2014 minimal libcurl PoC\\n- `poc_server.py` \u2014 Python TLS server presenting CN=wrong.example.com\\n\\n## Credits\\nReported by: b1gtang on hackerone (SecBuddyF @ Tencent KeenLab)\\n\\n## Impact\\n\\n## Summary:\\n\\nAn MITM on the network path can fully impersonate the intended HTTPS\\nserver using any certificate (no need to match the requested hostname),\\ndecrypting and modifying the entire TLS session. The application has\\nopted out of chain verification but explicitly kept hostname verification\\non per the documented contract; libcurl silently disables both.”,”published”:”2026-06-26T08:40:39″,”modified”:”2026-06-26T14:34:51″,”type”:”hackerone”,”title”:”curl: mbedTLS \/ wolfSSL \/ rustls backends silently skip hostname verification when CURLOPT_SSL_VERIFYPEER=0″,”source”:””,”references”:””,”id”:”H1:3826199″,”bulletinFamily”:”bugbounty”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/hackerone.com\/reports\/3826199″,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-06-26T14:36:52″,”description”:”## Summary\\n\\nWhen an application sets `CURLOPT_SSL_VERIFYPEER=0` while keeping\\n`CURLOPT_SSL_VERIFYHOST=2` (the default), the mbedTLS, wolfSSL, and rustls\\nTLS backends silently skip the hostname-vs-certificate check. The OpenSSL,\\nGnuTLS, and Schannel…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,117,13,33,7,11,5],"class_list":["post-66080","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-hackerone","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n