diff --git a/lib/mbedtls_wrapper/include/openssl/ssl.h b/lib/mbedtls_wrapper/include/openssl/ssl.h
index d9f8b4c9..9afa0628 100755
--- a/lib/mbedtls_wrapper/include/openssl/ssl.h
+++ b/lib/mbedtls_wrapper/include/openssl/ssl.h
@@ -1522,6 +1522,20 @@ int SSL_get_verify_mode(const SSL *ssl);
  */
 X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl);
 
+/**
+ * @brief set expected hostname the peer cert CN should have
+ *
+ * @param param - verify parameters from SSL_get0_param()
+ *
+ * @param name - the expected hostname
+ *
+ * @param namelen - the length of the hostname, or 0 if NUL terminated
+ *
+ * @return verify parameters
+ */
+int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
+                                const char *name, size_t namelen);
+
 /**
  * @brief get SSL write only IO handle
  *
diff --git a/lib/mbedtls_wrapper/platform/ssl_pm.c b/lib/mbedtls_wrapper/platform/ssl_pm.c
index 54319d25..3350180b 100755
--- a/lib/mbedtls_wrapper/platform/ssl_pm.c
+++ b/lib/mbedtls_wrapper/platform/ssl_pm.c
@@ -659,3 +659,31 @@ long ssl_pm_get_verify_result(const SSL *ssl)
 
     return verify_result;
 }
+
+/**
+ * @brief set expected hostname on peer cert CN
+ */
+
+int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
+                                const char *name, size_t namelen)
+{
+    SSL *ssl = (SSL *)((char *)param - offsetof(SSL, param));
+    struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
+    char *name_cstr;
+
+    if (namelen) {
+        name_cstr = malloc(namelen + 1);
+        if (!name_cstr)
+            return 0;
+        memcpy(name_cstr, name, namelen);
+        name_cstr[namelen] = '\0';
+        name = name_cstr;
+    }
+
+    mbedtls_ssl_set_hostname(&ssl_pm->ssl, name);
+
+    if (namelen)
+        free(name_cstr);
+
+    return 1;
+}
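Review bot: The `@return verify parameters` tag on the new X509_VERIFY_PARAM_set1_host prototype documents the wrong thing: the function returns an int, and the ssl_pm.c implementation in this same commit returns 1 on success and 0 on failure, so it should read `@return 1 on success, 0 on failure (e.g. allocation failure or rejected hostname)`. The brief should also spell out the precondition the implementation relies on, that `name` must be NUL-terminated whenever `namelen` is 0, since nothing else bounds the read in that case. Finally, "the peer cert CN should have" understates what the check covers; the mbedtls verifier, as far as I recall, matches the name against SubjectAltName dNSName entries as well as the CN, so "the name the peer certificate must be issued for" would be more accurate, pending confirmation against the mbedtls version in use.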
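Review bot: The result of `mbedtls_ssl_set_hostname(&ssl_pm->ssl, name)` is discarded, so X509_VERIFY_PARAM_set1_host reports success even when mbedtls rejected or failed to store the hostname, and the caller proceeds believing hostname verification is configured when it is not. Capture it and map it to the OpenSSL convention: `int rc = mbedtls_ssl_set_hostname(&ssl_pm->ssl, name);` in place of the bare call, keep the `free(name_cstr)`, then `return rc == 0;`. The `offsetof(SSL, param)` recovery of the owning SSL object relies on `param` being embedded in `struct SSL` (presumably how SSL_get0_param() hands it out, but the struct is not visible in this hunk) and silently produces a wild pointer for any other X509_VERIFY_PARAM; a comment such as `/* param is always &ssl->param from SSL_get0_param(); this wrapper has no standalone X509_VERIFY_PARAM objects */` would make that contract explicit. With `namelen == 0` and `name == NULL` the call clears the hostname, which is a legitimate OpenSSL use, but it is worth a line in the header comment so callers do not trip over it.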