wrapper: introduce X509_VERIFY_PARAM_set1_host

This lets the user code set the mbedtls hostname using the standard OpenSSL api semantics.
2025-03-16 00:00:07 +01:00 · 2017-09-09 08:26:35 +08:00 · 2017-09-09 08:26:35 +08:00 · 14cc31fe7d
commit 14cc31fe7d
parent 43b3141f93
2 changed files with 42 additions and 0 deletions
--- a/lib/mbedtls_wrapper/include/openssl/ssl.h
+++ b/lib/mbedtls_wrapper/include/openssl/ssl.h
@ -1522,6 +1522,20 @@ int SSL_get_verify_mode(const SSL *ssl);
 */
 X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl);

+/**
+ * @brief set expected hostname the peer cert CN should have
+ *
+ * @param param - verify parameters from SSL_get0_param()
+ *
+ * @param name - the expected hostname
+ *
+ * @param namelen - the length of the hostname, or 0 if NUL terminated
+ *
+ * @return verify parameters
+ */
+int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
+                                const char *name, size_t namelen);
+
 /**
 * @brief get SSL write only IO handle
 *
--- a/lib/mbedtls_wrapper/platform/ssl_pm.c
+++ b/lib/mbedtls_wrapper/platform/ssl_pm.c
@ -659,3 +659,31 @@ long ssl_pm_get_verify_result(const SSL *ssl)

    return verify_result;
 }
+
+/**
+ * @brief set expected hostname on peer cert CN
+ */
+
+int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
+                                const char *name, size_t namelen)
+{
+	SSL *ssl = (SSL *)((char *)param - offsetof(SSL, param));
+	struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
+	char *name_cstr;
+
+	if (namelen) {
+		name_cstr = malloc(namelen + 1);
+		if (!name_cstr)
+			return 0;
+		memcpy(name_cstr, name, namelen);
+		name_cstr[namelen] = '\0';
+		name = name_cstr;
+	}
+
+	mbedtls_ssl_set_hostname(&ssl_pm->ssl, name);
+
+	if (namelen)
+		free(name_cstr);
+
+	return 1;
+}