BoringSSL: provide X509_VERYFY_PARAM_Set1_host length

X509_VERYFY_PARAM_Set1_host of openSSL allows the third argument, which is the length of the hostname string, to be 0. Then, it assumes hostname is a null-terminated C string. BoringSSL enforces the actual length to be specified, and the hostname string should end with a null char. Just provide the length, making both OpenSSL and BoringSSL happy.
2025-03-09 00:00:04 +01:00 · 2020-04-29 12:18:41 -07:00 · 2020-04-29 12:18:41 -07:00 · a9275d8dea
commit a9275d8dea
parent abf3875d78
1 changed files with 4 additions and 2 deletions
--- a/lib/tls/openssl/openssl-client.c
+++ b/lib/tls/openssl/openssl-client.c
@ -21,6 +21,7 @@
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
 * IN THE SOFTWARE.
 */
+#include <string.h>

 #include "private-lib-core.h"
 #include "private-lib-tls-openssl.h"
@ -194,9 +195,10 @@ lws_ssl_client_bio_create(struct lws *wsi)
 		X509_VERIFY_PARAM_set_hostflags(param,
 					X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
 #endif
-		// Handle the case where the hostname is an IP address.
+		/* Handle the case where the hostname is an IP address */
 		if (!X509_VERIFY_PARAM_set1_ip_asc(param, hostname))
-			X509_VERIFY_PARAM_set1_host(param, hostname, 0);
+			X509_VERIFY_PARAM_set1_host(param, hostname,
+					strnlen(hostname, sizeof(hostname)));
 	}
 #else
 	if (!(wsi->tls.use_ssl & LCCSCF_SKIP_SERVER_CERT_HOSTNAME_CHECK)) {