Honor hostname validation for openssl

2024-12-28 15:40:23 +08:00 · 2022-03-22 08:50:37 +00:00 · 2022-03-22 08:50:37 +00:00 · b78ced4fa9
commit b78ced4fa9
parent 1bc81df00e
2 changed files with 14 additions and 0 deletions
--- a/mongoose.c
+++ b/mongoose.c
@ -4588,6 +4588,13 @@ void mg_tls_init(struct mg_connection *c, struct mg_tls_opts *opts) {
 #endif
    }
  }
+  if (opts->srvname.len > 0) {
+    char mem[128], *buf = mem;
+    size_t len = mg_asprintf(&buf, sizeof(mem), "%.*s", (int) opts->srvname.len,
+                             opts->srvname.ptr);
+    X509_VERIFY_PARAM_set1_host(SSL_get0_param(tls->ssl), buf, len);
+    if (buf != mem) free(buf);
+  }
  if (opts->ciphers != NULL) SSL_set_cipher_list(tls->ssl, opts->ciphers);
  if (opts->srvname.len > 0) {
    char mem[128], *buf = mem;
--- a/src/tls_openssl.c
+++ b/src/tls_openssl.c
@ -88,6 +88,13 @@ void mg_tls_init(struct mg_connection *c, struct mg_tls_opts *opts) {
 #endif
    }
  }
+  if (opts->srvname.len > 0) {
+    char mem[128], *buf = mem;
+    size_t len = mg_asprintf(&buf, sizeof(mem), "%.*s", (int) opts->srvname.len,
+                             opts->srvname.ptr);
+    X509_VERIFY_PARAM_set1_host(SSL_get0_param(tls->ssl), buf, len);
+    if (buf != mem) free(buf);
+  }
  if (opts->ciphers != NULL) SSL_set_cipher_list(tls->ssl, opts->ciphers);
  if (opts->srvname.len > 0) {
    char mem[128], *buf = mem;