Prepare to provide SSL_get0_peername

This is a convenience reacharound to libcrypto that trivially wraps
X509_VERIFY_PARAM_get0_peername(). It is used by unbound 1.11.0 for
better logging.  As it's part of the API that landed with OpenSSL's
DANE, more recent postfix snapshots use it as well.

ok beck inoguchi jsing

2 files changed, 9 insertions, 2 deletions

diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 093c4bde2d..ea1b9993df 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.176 2020/09/19 10:12:06 tb Exp $ */
+/* $OpenBSD: ssl.h,v 1.177 2020/09/19 10:17:56 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1443,6 +1443,7 @@ int SSL_set_purpose(SSL *s, int purpose);
 int SSL_CTX_set_trust(SSL_CTX *s, int trust);
 int SSL_set_trust(SSL *s, int trust);
 int SSL_set1_host(SSL *s, const char *hostname);
+const char *SSL_get0_peername(SSL *s);
 
 X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx);
 int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index b04b67df41..65d5614bfb 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.232 2020/09/19 10:12:06 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.233 2020/09/19 10:17:56 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -470,6 +470,12 @@ SSL_set1_host(SSL *s, const char *hostname)
                 return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0);
 }
 
+const char *
+SSL_get0_peername(SSL *s)
+{
+        return X509_VERIFY_PARAM_get0_peername(s->param);
+}
+
 X509_VERIFY_PARAM *
 SSL_CTX_get0_param(SSL_CTX *ctx)
 {