Mirrors/libwebsockets
1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-09 00:00:04 +01:00
Code Issues Releases Wiki Activity

openssl: disallow client connections if X509_VERIFY_PARAM_set1_host absent from tls lib

Browse source 
https://github.com/warmcat/libwebsockets/issues/1827
This commit is contained in:
Andy Green 2020-01-16 19:51:44 +00:00
parent 3179323afa
commit de978800f0
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
lib/tls/openssl/openssl-client.c
View file

@ -186,6 +186,13 @@ lws_ssl_client_bio_create(struct lws *wsi)
if (!X509_VERIFY_PARAM_set1_ip_asc(param, hostname))
X509_VERIFY_PARAM_set1_host(param, hostname, 0);
}
#else
if (!(wsi->tls.use_ssl & LCCSCF_SKIP_SERVER_CERT_HOSTNAME_CHECK)) {
lwsl_err("%s: your tls lib is too old to have "
"X509_VERIFY_PARAM_set1_host, failing all client tls\n",
__func__);
return -1;
}
#endif
#if !defined(USE_WOLFSSL)