Add host name verification for OpenSSL

Closes https://github.com/cesanta/mongoose/pull/955 CL: mg: Add host name verification for OpenSSL PUBLISHED_FROM=e35dd636ba7ce63116f0a38031074d22f6cd5dac

Add host name verification for OpenSSL
Closes https://github.com/cesanta/mongoose/pull/955 CL: mg: Add host name verification for OpenSSL PUBLISHED_FROM=e35dd636ba7ce63116f0a38031074d22f6cd5dac
86b8a56b · Deomid Ryabkov · Cesanta Bot · ac6ec15a · 86b8a56b · 86b8a56b
Commit 86b8a56b authored Aug 10, 2018 by Deomid Ryabkov Committed by Cesanta Bot Aug 13, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 22 additions and 16 deletions

mongoose.c mongoose.c +11 -8

mg_ssl_if_openssl.c src/mg_ssl_if_openssl.c +11 -8

No files found.
--- a/mongoose.c
+++ b/mongoose.c
@@ -4425,6 +4425,9 @@ struct mg_iface *mg_socks_mk_iface(struct mg_mgr *mgr, const char *proxy_addr) {
 #endif

 #include <openssl/ssl.h>
+#ifndef KR_VERSION
+#include <openssl/tls1.h>
+#endif

 struct mg_ssl_if_ctx {
  SSL *ssl;
@@ -4509,14 +4512,6 @@ enum mg_ssl_if_result mg_ssl_if_conn_init(
    return MG_SSL_ERROR;
  }

-  if (params->server_name != NULL) {
-#ifdef KR_VERSION
-    SSL_CTX_kr_set_verify_name(ctx->ssl_ctx, params->server_name);
-#else
-/* TODO(rojer): Implement server name verification on OpenSSL. */
-#endif
-  }
-
  if (mg_set_cipher_list(ctx->ssl_ctx, params->cipher_suites) != MG_SSL_OK) {
    MG_SET_PTRPTR(err_msg, "Invalid cipher suite list");
    return MG_SSL_ERROR;
@@ -4535,6 +4530,14 @@ enum mg_ssl_if_result mg_ssl_if_conn_init(
    return MG_SSL_ERROR;
  }

+  if (params->server_name != NULL) {
+#ifdef KR_VERSION
+    SSL_CTX_kr_set_verify_name(ctx->ssl_ctx, params->server_name);
+#else
+    SSL_set_tlsext_host_name(ctx->ssl, params->server_name);
+#endif
+  }
+
  nc->flags |= MG_F_SSL;

  return MG_SSL_OK;

--- a/src/mg_ssl_if_openssl.c
+++ b/src/mg_ssl_if_openssl.c
@@ -10,6 +10,9 @@
 #endif

 #include <openssl/ssl.h>
+#ifndef KR_VERSION
+#include <openssl/tls1.h>
+#endif

 struct mg_ssl_if_ctx {
  SSL *ssl;
@@ -94,14 +97,6 @@ enum mg_ssl_if_result mg_ssl_if_conn_init(
    return MG_SSL_ERROR;
  }

-  if (params->server_name != NULL) {
-#ifdef KR_VERSION
-    SSL_CTX_kr_set_verify_name(ctx->ssl_ctx, params->server_name);
-#else
-/* TODO(rojer): Implement server name verification on OpenSSL. */
-#endif
-  }
-
  if (mg_set_cipher_list(ctx->ssl_ctx, params->cipher_suites) != MG_SSL_OK) {
    MG_SET_PTRPTR(err_msg, "Invalid cipher suite list");
    return MG_SSL_ERROR;
@@ -120,6 +115,14 @@ enum mg_ssl_if_result mg_ssl_if_conn_init(
    return MG_SSL_ERROR;
  }

+  if (params->server_name != NULL) {
+#ifdef KR_VERSION
+    SSL_CTX_kr_set_verify_name(ctx->ssl_ctx, params->server_name);
+#else
+    SSL_set_tlsext_host_name(ctx->ssl, params->server_name);
+#endif
+  }
+
  nc->flags |= MG_F_SSL;

  return MG_SSL_OK;