mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-16 00:00:07 +01:00

wrapper: introduce X509_VERIFY_PARAM_set1_host

This lets user code set the mbedtls hostname using the standard OpenSSL
API semantics.
Andy Green 2017-09-09 08:26:35 +08:00
parent 43b3141f93
commit 14cc31fe7d
2 changed files with 42 additions and 0 deletions


@ -1522,6 +1522,20 @@ int SSL_get_verify_mode(const SSL *ssl);
*/
X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl);
/**
* @brief set expected hostname the peer cert CN should have
*
* @param param - verify parameters from SSL_get0_param()
*
* @param name - the expected hostname
*
* @param namelen - the length of the hostname, or 0 if NUL terminated
*
* @return verify parameters
*/
int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
const char *name, size_t namelen);
/**
* @brief get SSL write only IO handle
*
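Review bot: The `@return verify parameters` line in the new doc comment does not match the declaration, which returns `int`; the implementation added in this commit returns 1 on success and 0 when its allocation fails. I would write `@return 1 on success, 0 on failure` so callers know the result must be checked, because an unnoticed failure leaves the connection with no expected hostname configured. The `@brief` could also say `set the hostname the peer certificate is expected to match`, since which certificate fields are compared is decided by the mbedtls verification rather than by this wrapper.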


@ -659,3 +659,31 @@ long ssl_pm_get_verify_result(const SSL *ssl)
return verify_result;
}
/**
* @brief set expected hostname on peer cert CN
*/
int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
const char *name, size_t namelen)
{
SSL *ssl = (SSL *)((char *)param - offsetof(SSL, param));
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
char *name_cstr;
if (namelen) {
name_cstr = malloc(namelen + 1);
if (!name_cstr)
return 0;
memcpy(name_cstr, name, namelen);
name_cstr[namelen] = '\0';
name = name_cstr;
}
mbedtls_ssl_set_hostname(&ssl_pm->ssl, name);
if (namelen)
free(name_cstr);
return 1;
}
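Review bot: The result of `mbedtls_ssl_set_hostname()` is discarded and the function returns 1 regardless, so a failure inside mbedtls (it returns a nonzero code, for instance on allocation failure or an over-long name) is reported to the caller as success and the handshake can proceed with no expected hostname to check the certificate against. Propagate it, e.g. `if (mbedtls_ssl_set_hostname(&ssl_pm->ssl, name)) ok = 0;` ahead of the existing `free()` and then `return ok;`. A non-zero `namelen` that covers an embedded NUL is also silently shortened once the copy reaches mbedtls as a C string; `if (namelen && memchr(name, '\0', namelen)) return 0;` before the `malloc` would reject it instead. Separately, the `offsetof(SSL, param)` cast is only valid when `param` was obtained from `SSL_get0_param()`, which deserves a comment above that line stating the precondition, together with a NULL check on `param`.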