httping / a5a4c94
Merge pull request #31 from cxmcc/master Catch SSL hostname mismatches. Folkert van Heusden authored 6 years ago GitHub committed 6 years ago
3 changed file(s) with 6 addition(s) and 3 deletion(s).
17671767 #ifndef NO_SSL
17681768 if (use_ssl && ssl_h == NULL)
17691769 {
1770 int rc = connect_ssl(fd, client_ctx, &ssl_h, &s_bio, timeout, &ssl_handshake);
1770 int rc = connect_ssl(fd, client_ctx, &ssl_h, &s_bio, timeout, &ssl_handshake, hostname);
17711771 if (rc == 0)
17721772 update_statst(&t_ssl, ssl_handshake);
17731773 else
184184 return cnt;
185185 }
186186
187 int connect_ssl(const int fd, SSL_CTX *const client_ctx, SSL **const ssl_h, BIO **const s_bio, const double timeout, double *const ssl_handshake)
187 int connect_ssl(const int fd, SSL_CTX *const client_ctx, SSL **const ssl_h, BIO **const s_bio, const double timeout, double *const ssl_handshake, char *const hostname)
188188 {
189189 double dstart = get_ts();
190190 double end = get_ts() + timeout;
208208 }
209209
210210 *ssl_h = SSL_new(client_ctx);
211
212 X509_VERIFY_PARAM *param = SSL_get0_param(*ssl_h);
213 X509_VERIFY_PARAM_set1_host(param, hostname, 0);
211214
212215 *s_bio = BIO_new_socket(fd, BIO_NOCLOSE);
213216 SSL_set_bio(*ssl_h, *s_bio, *s_bio);
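Review bot: The return value of `X509_VERIFY_PARAM_set1_host` on new line 213 is discarded, so if setting the expected name fails (it returns 0) the handshake proceeds with no hostname constraint and the mismatch this commit is meant to catch passes silently. The same lines also pass `*ssl_h` to `SSL_get0_param` without checking that `SSL_new` succeeded. I would fail closed, e.g. `if (*ssl_h == NULL || !X509_VERIFY_PARAM_set1_host(SSL_get0_param(*ssl_h), hostname, 0)) return -1;`, adjusted to whatever error return and cleanup the rest of connect_ssl uses, which lies outside the hunk. Whether the name check is enforced at all also depends on peer verification being enabled on `client_ctx` or on the verify result being checked after the handshake, neither of which is visible here. If `hostname` can be an IP literal, it presumably needs `X509_VERIFY_PARAM_set1_ip_asc` instead.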
88 int close_ssl_connection(SSL *const ssl_h);
99 int READ_SSL(SSL *const ssl_h, char *whereto, int len, const double timeout);
1010 int WRITE_SSL(SSL *const ssl_h, const char *whereto, int len, const double timeout);
11 int connect_ssl(const int fd, SSL_CTX *const client_ctx, SSL **const ssl_h, BIO **const s_bio, const double timeout, double *const ssl_handshake);
11 int connect_ssl(const int fd, SSL_CTX *const client_ctx, SSL **const ssl_h, BIO **const s_bio, const double timeout, double *const ssl_handshake, char *const hostname);
1212 SSL_CTX * initialize_ctx(const char ask_compression, const char *ca_path);
1313 char * get_fingerprint(SSL *const ssl_h);
1414 int connect_ssl_proxy(const int fd, struct addrinfo *const ai, const double timeout, const char *const proxy_user, const char *const proxy_password, const char *const hostname, const int portnr, char *const tfo);
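Review bot: The new `hostname` parameter of connect_ssl is declared `char *const`, which tells callers the function may write through it, while the only visible use passes it to `X509_VERIFY_PARAM_set1_host`, which takes a `const char *`. Declare it `const char *const hostname` here and in the definition, matching the `connect_ssl_proxy` prototype three lines below, so callers holding a `const char *` do not need a cast. A short comment on the prototype such as `/* hostname: name the server certificate must match; not modified */` would also document the new argument.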