mirror/mongoose
1
0
Fork 0
mirror of https://github.com/cesanta/mongoose.git synced 2025-06-07 17:42:30 +08:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

Add host name verification for OpenSSL

Browse Source 
Closes https://github.com/cesanta/mongoose/pull/955

CL: mg: Add host name verification for OpenSSL

PUBLISHED_FROM=e35dd636ba7ce63116f0a38031074d22f6cd5dac
This commit is contained in:
Deomid Ryabkov 2018-08-10 14:31:21 +03:00 committed by Cesanta Bot
parent ac6ec15aed
commit 86b8a56b05
2 changed files with 22 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
mongoose.c
View File

@ -4425,6 +4425,9 @@ struct mg_iface *mg_socks_mk_iface(struct mg_mgr *mgr, const char *proxy_addr) {
#endif #endif
#include <openssl/ssl.h> #include <openssl/ssl.h>
#ifndef KR_VERSION
#include <openssl/tls1.h>
#endif
struct mg_ssl_if_ctx { struct mg_ssl_if_ctx {
SSL *ssl; SSL *ssl;
@ -4509,14 +4512,6 @@ enum mg_ssl_if_result mg_ssl_if_conn_init(
return MG_SSL_ERROR; return MG_SSL_ERROR;
} }
if (params->server_name != NULL) {
#ifdef KR_VERSION
SSL_CTX_kr_set_verify_name(ctx->ssl_ctx, params->server_name);
#else
/* TODO(rojer): Implement server name verification on OpenSSL. */
#endif
}
if (mg_set_cipher_list(ctx->ssl_ctx, params->cipher_suites) != MG_SSL_OK) { if (mg_set_cipher_list(ctx->ssl_ctx, params->cipher_suites) != MG_SSL_OK) {
MG_SET_PTRPTR(err_msg, "Invalid cipher suite list"); MG_SET_PTRPTR(err_msg, "Invalid cipher suite list");
return MG_SSL_ERROR; return MG_SSL_ERROR;
@ -4535,6 +4530,14 @@ enum mg_ssl_if_result mg_ssl_if_conn_init(
return MG_SSL_ERROR; return MG_SSL_ERROR;
} }
if (params->server_name != NULL) {
#ifdef KR_VERSION
SSL_CTX_kr_set_verify_name(ctx->ssl_ctx, params->server_name);
#else
SSL_set_tlsext_host_name(ctx->ssl, params->server_name);
#endif
}
nc->flags |= MG_F_SSL; nc->flags |= MG_F_SSL;
return MG_SSL_OK; return MG_SSL_OK;

19
src/mg_ssl_if_openssl.c
View File

@ -10,6 +10,9 @@
#endif #endif
#include <openssl/ssl.h> #include <openssl/ssl.h>
#ifndef KR_VERSION
#include <openssl/tls1.h>
#endif
struct mg_ssl_if_ctx { struct mg_ssl_if_ctx {
SSL *ssl; SSL *ssl;
@ -94,14 +97,6 @@ enum mg_ssl_if_result mg_ssl_if_conn_init(
return MG_SSL_ERROR; return MG_SSL_ERROR;
} }
if (params->server_name != NULL) {
#ifdef KR_VERSION
SSL_CTX_kr_set_verify_name(ctx->ssl_ctx, params->server_name);
#else
/* TODO(rojer): Implement server name verification on OpenSSL. */
#endif
}
if (mg_set_cipher_list(ctx->ssl_ctx, params->cipher_suites) != MG_SSL_OK) { if (mg_set_cipher_list(ctx->ssl_ctx, params->cipher_suites) != MG_SSL_OK) {
MG_SET_PTRPTR(err_msg, "Invalid cipher suite list"); MG_SET_PTRPTR(err_msg, "Invalid cipher suite list");
return MG_SSL_ERROR; return MG_SSL_ERROR;
@ -120,6 +115,14 @@ enum mg_ssl_if_result mg_ssl_if_conn_init(
return MG_SSL_ERROR; return MG_SSL_ERROR;
} }
if (params->server_name != NULL) {
#ifdef KR_VERSION
SSL_CTX_kr_set_verify_name(ctx->ssl_ctx, params->server_name);
#else
SSL_set_tlsext_host_name(ctx->ssl, params->server_name);
#endif
}
nc->flags |= MG_F_SSL; nc->flags |= MG_F_SSL;
return MG_SSL_OK; return MG_SSL_OK;