default to verifying cert hostname if no fingerprint is passed

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/PVE/APIClient/LWP.pm b/PVE/APIClient/LWP.pm
index 998c15de8b6d9412722c2a58f736fdc77cb874b3..bc158e96ca8e22bd7fdbdfcd86dd41524c9df7ed 100755 (executable)
--- a/PVE/APIClient/LWP.pm
+++ b/PVE/APIClient/LWP.pm
@@ -300,9 +300,17 @@ my sub verify_cert_callback {
 sub new {
     my ($class, %param) = @_;
 
-    my $ssl_default_opts = { verify_hostname => 0 };
-    my $ssl_opts = $param{ssl_opts} || $ssl_default_opts;
+    my $ssl_opts = $param{ssl_opts} || {};
 
+    if (!defined($ssl_opts->{verify_hostname})) {
+       if (scalar(keys $param{cached_fingerprints}->%*) > 0) {
+           # purely trust the configured fingerprints, by default
+           $ssl_opts->{verify_hostname} = 0;
+       } else {
+           # no fingerprints passed, enforce hostname verification, by default
+           $ssl_opts->{verify_hostname} = 1;
+       }
+    }
     # we can only really trust openssl result if it also verifies the hostname,
     # else it's easy to intercept (MITM using valid Lets Encrypt)
     my $trust_openssl = $ssl_opts->{verify_hostname} ? 1 : 0;