diff options
| author | otto <> | 2019-11-04 19:17:28 +0000 |
|---|---|---|
| committer | otto <> | 2019-11-04 19:17:28 +0000 |
| commit | 651fd4ea3d7f2b4a6215363b8be40103ef4df363 (patch) | |
| tree | 0153e6556c7bb6c2e9284bae4acbf21702dd17e1 /src/lib | |
| parent | fa5fe6563928db24cc10e559d856643cc57ebc48 (diff) | |
| download | openbsd-651fd4ea3d7f2b4a6215363b8be40103ef4df363.tar.gz openbsd-651fd4ea3d7f2b4a6215363b8be40103ef4df363.tar.bz2 openbsd-651fd4ea3d7f2b4a6215363b8be40103ef4df363.zip | |
Allow ip addresses as argument to SSL_set1_host() but be careful to not
poison the context. ok and help jsing@ tb@
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index bf370cbfb2..32c1aef017 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_lib.c,v 1.205 2019/05/15 09:13:16 bcook Exp $ */ | 1 | /* $OpenBSD: ssl_lib.c,v 1.206 2019/11/04 19:17:28 otto Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -140,6 +140,10 @@ | |||
| 140 | * OTHERWISE. | 140 | * OTHERWISE. |
| 141 | */ | 141 | */ |
| 142 | 142 | ||
| 143 | #include <arpa/inet.h> | ||
| 144 | #include <sys/socket.h> | ||
| 145 | #include <netinet/in.h> | ||
| 146 | |||
| 143 | #include <stdio.h> | 147 | #include <stdio.h> |
| 144 | 148 | ||
| 145 | #include "ssl_locl.h" | 149 | #include "ssl_locl.h" |
| @@ -456,7 +460,15 @@ SSL_set_trust(SSL *s, int trust) | |||
| 456 | int | 460 | int |
| 457 | SSL_set1_host(SSL *s, const char *hostname) | 461 | SSL_set1_host(SSL *s, const char *hostname) |
| 458 | { | 462 | { |
| 459 | return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0); | 463 | struct in_addr ina; |
| 464 | struct in6_addr in6a; | ||
| 465 | |||
| 466 | if (hostname != NULL && *hostname != '\0' && | ||
| 467 | (inet_pton(AF_INET, hostname, &ina) == 1 || | ||
| 468 | inet_pton(AF_INET6, hostname, &in6a) == 1)) | ||
| 469 | return X509_VERIFY_PARAM_set1_ip_asc(s->param, hostname); | ||
| 470 | else | ||
| 471 | return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0); | ||
| 460 | } | 472 | } |
| 461 | 473 | ||
| 462 | X509_VERIFY_PARAM * | 474 | X509_VERIFY_PARAM * |