wrapper: introduce X509_VERIFY_PARAM_set1_host
This lets user code set the mbedtls hostname using the standard OpenSSL API semantics.
parent
43b3141f93
commit
14cc31fe7d
2 changed files with 42 additions and 0 deletions
|
@ -1522,6 +1522,20 @@ int SSL_get_verify_mode(const SSL *ssl);
|
|||
*/
|
||||
X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl);
|
||||
|
||||
/**
|
||||
* @brief set expected hostname the peer cert CN should have
|
||||
*
|
||||
* @param param - verify parameters from SSL_get0_param()
|
||||
*
|
||||
* @param name - the expected hostname
|
||||
*
|
||||
* @param namelen - the length of the hostname, or 0 if NUL terminated
|
||||
*
|
||||
* @return verify parameters
|
||||
*/
|
||||
int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
|
||||
const char *name, size_t namelen);
|
||||
|
||||
/**
|
||||
* @brief get SSL write only IO handle
|
||||
*
|
||||
|
|
|
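Review bot: The `@return verify parameters` line in the new doc comment does not match the declaration, which returns `int`; in the implementation added by this commit the value is 1 on success and 0 when the copy of the name cannot be allocated. I would change it to `* @return 1 on success, 0 on failure`. The `namelen` line could also state that a non-zero length makes the function copy and NUL-terminate the name, so a NUL byte inside the first `namelen` bytes shortens the hostname that is actually set. Since the `param` line already ties the argument to `SSL_get0_param()`, it is worth saying outright that no other `X509_VERIFY_PARAM` may be passed, because the implementation derives the owning `SSL` from the pointer.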
@ -659,3 +659,31 @@ long ssl_pm_get_verify_result(const SSL *ssl)
|
|||
|
||||
return verify_result;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief set expected hostname on peer cert CN
|
||||
*/
|
||||
|
||||
int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
|
||||
const char *name, size_t namelen)
|
||||
{
|
||||
SSL *ssl = (SSL *)((char *)param - offsetof(SSL, param));
|
||||
struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
|
||||
char *name_cstr;
|
||||
|
||||
if (namelen) {
|
||||
name_cstr = malloc(namelen + 1);
|
||||
if (!name_cstr)
|
||||
return 0;
|
||||
memcpy(name_cstr, name, namelen);
|
||||
name_cstr[namelen] = '\0';
|
||||
name = name_cstr;
|
||||
}
|
||||
|
||||
mbedtls_ssl_set_hostname(&ssl_pm->ssl, name);
|
||||
|
||||
if (namelen)
|
||||
free(name_cstr);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
|
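Review bot: The result of `mbedtls_ssl_set_hostname()` is discarded and the function returns 1 regardless, so a caller can believe the expected hostname is configured when mbedtls returned an error (for example on allocation failure or an over-long name), and the peer certificate may then be accepted without the intended name check. Capture it and fail closed: `int ret = mbedtls_ssl_set_hostname(&ssl_pm->ssl, name);` before the `free`, then `return ret == 0;`. Separately, `name` is handed to `memcpy` unchecked when `namelen` is non-zero, and `param` is used in the `offsetof(SSL, param)` cast without a NULL check. That cast is only valid when `param` is the member embedded in an `SSL`, so I would add the NULL checks and a comment stating the constraint.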