Merge pull request #31 from cxmcc/master
Catch SSL hostname mismatches.
Folkert van Heusden authored 6 years ago
GitHub committed 6 years ago
1767 | 1767 |
#ifndef NO_SSL
|
1768 | 1768 |
if (use_ssl && ssl_h == NULL)
|
1769 | 1769 |
{
|
1770 | |
int rc = connect_ssl(fd, client_ctx, &ssl_h, &s_bio, timeout, &ssl_handshake);
|
|
1770 |
int rc = connect_ssl(fd, client_ctx, &ssl_h, &s_bio, timeout, &ssl_handshake, hostname);
|
1771 | 1771 |
if (rc == 0)
|
1772 | 1772 |
update_statst(&t_ssl, ssl_handshake);
|
1773 | 1773 |
else
|
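Review bot: The `hostname` passed on the new line 1770 is the name the peer certificate will be matched against, so this call must never receive NULL: connect_ssl (ssl.c in this commit) hands it straight to X509_VERIFY_PARAM_set1_host, which by OpenSSL's documented behaviour clears the expected-host list when given NULL and silently leaves the handshake accepting any otherwise-valid certificate. The hunk does not show where hostname is set, so I cannot confirm it is non-NULL on every path that reaches this point, nor that it is the origin host rather than a proxy host when a proxy is used (connect_ssl_proxy in ssl.h also takes a hostname). A one-line comment at the call would make the contract visible: `/* hostname must be the non-NULL origin host: connect_ssl pins the server certificate to it */`. The enclosing if-block continues past the hunk; the `else` branch is not shown.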
184 | 184 |
return cnt;
|
185 | 185 |
}
|
186 | 186 |
|
187 | |
int connect_ssl(const int fd, SSL_CTX *const client_ctx, SSL **const ssl_h, BIO **const s_bio, const double timeout, double *const ssl_handshake)
|
|
187 |
int connect_ssl(const int fd, SSL_CTX *const client_ctx, SSL **const ssl_h, BIO **const s_bio, const double timeout, double *const ssl_handshake, char *const hostname)
|
188 | 188 |
{
|
189 | 189 |
double dstart = get_ts();
|
190 | 190 |
double end = get_ts() + timeout;
|
|
208 | 208 |
}
|
209 | 209 |
|
210 | 210 |
*ssl_h = SSL_new(client_ctx);
|
|
211 |
|
|
212 |
X509_VERIFY_PARAM *param = SSL_get0_param(*ssl_h);
|
|
213 |
X509_VERIFY_PARAM_set1_host(param, hostname, 0);
|
211 | 214 |
|
212 | 215 |
*s_bio = BIO_new_socket(fd, BIO_NOCLOSE);
|
213 | 216 |
SSL_set_bio(*ssl_h, *s_bio, *s_bio);
|
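Review bot: The return value of X509_VERIFY_PARAM_set1_host on new line 213 is discarded, so an allocation failure there leaves the connection proceeding with no name check, and a NULL hostname is accepted and simply clears the expected-host list, which disables the check this commit is meant to add. The call should fail the connection instead, along the lines of `if (hostname == NULL || !X509_VERIFY_PARAM_set1_host(param, hostname, 0))` followed by whatever error return connect_ssl's other failure paths use. Two further caveats the hunk cannot settle: the name check is only enforced if the context verifies peers (SSL_VERIFY_PEER set in initialize_ctx, which is not in this diff) or if SSL_get_verify_result is inspected after the handshake, and a target given as an IP literal needs X509_VERIFY_PARAM_set1_ip_asc rather than set1_host, since IP addresses are matched against iPAddress SANs, not DNS names. Optionally, `X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);` tightens wildcard matching. connect_ssl's body continues beyond both hunks, so the error-return convention and any later verify-result check are not visible here.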
8 | 8 |
int close_ssl_connection(SSL *const ssl_h);
|
9 | 9 |
int READ_SSL(SSL *const ssl_h, char *whereto, int len, const double timeout);
|
10 | 10 |
int WRITE_SSL(SSL *const ssl_h, const char *whereto, int len, const double timeout);
|
11 | |
int connect_ssl(const int fd, SSL_CTX *const client_ctx, SSL **const ssl_h, BIO **const s_bio, const double timeout, double *const ssl_handshake);
|
|
11 |
int connect_ssl(const int fd, SSL_CTX *const client_ctx, SSL **const ssl_h, BIO **const s_bio, const double timeout, double *const ssl_handshake, char *const hostname);
|
12 | 12 |
SSL_CTX * initialize_ctx(const char ask_compression, const char *ca_path);
|
13 | 13 |
char * get_fingerprint(SSL *const ssl_h);
|
14 | 14 |
int connect_ssl_proxy(const int fd, struct addrinfo *const ai, const double timeout, const char *const proxy_user, const char *const proxy_password, const char *const hostname, const int portnr, char *const tfo);
|
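Review bot: The new parameter on line 11 is declared `char *const hostname`, but connect_ssl only reads it (it goes to X509_VERIFY_PARAM_set1_host, which takes `const char *`), so it should be `const char *const hostname`, matching connect_ssl_proxy's `const char *const hostname` on line 14 and letting callers pass const buffers or literals without a cast. The declaration would become `int connect_ssl(const int fd, SSL_CTX *const client_ctx, SSL **const ssl_h, BIO **const s_bio, const double timeout, double *const ssl_handshake, const char *const hostname);`, with the definition in ssl.c changed in step. A short comment above the prototype would also help, since the header otherwise says nothing about the new contract: `/* hostname: expected DNS name of the peer; the server certificate is rejected if it does not match (must not be NULL) */`.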