1 files changed, 15 insertions, 15 deletions
diff --git a/src/lib/libtls/tls_client.c b/src/lib/libtls/tls_client.c
index 907c334f15..baa4805f57 100644
--- a/src/lib/libtls/tls_client.c
+++ b/src/lib/libtls/tls_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_client.c,v 1.13 2015/02/09 09:23:39 reyk Exp $ */
+/* $OpenBSD: tls_client.c,v 1.14 2015/02/11 06:46:33 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -144,16 +144,16 @@ err:
 }
 int
-tls_connect_socket(struct tls *ctx, int s, const char *hostname)
+tls_connect_socket(struct tls *ctx, int s, const char *servername)
 {
        ctx->socket = s;
-        return tls_connect_fds(ctx, s, s, hostname);
+        return tls_connect_fds(ctx, s, s, servername);
 }
 int
 tls_connect_fds(struct tls *ctx, int fd_read, int fd_write,
-    const char *hostname)
+    const char *servername)
 {
        union { struct in_addr ip4; struct in6_addr ip6; } addrbuf;
        X509 *cert = NULL;
@@ -180,8 +180,8 @@ tls_connect_fds(struct tls *ctx, int fd_read, int fd_write,
        if (tls_configure_ssl(ctx) != 0)
                goto err;
-        if (ctx->config->verify_host) {
+        if (ctx->config->verify_name) {
-                if (hostname == NULL) {
+                if (servername == NULL) {
                        tls_set_error(ctx, "server name not specified");
                        goto err;
                }
@@ -226,11 +226,11 @@ tls_connect_fds(struct tls *ctx, int fd_read, int fd_write,
         * RFC4366 (SNI): Literal IPv4 and IPv6 addresses are not
         * permitted in "HostName".
         */
-        if (hostname != NULL &&
+        if (servername != NULL &&
-            inet_pton(AF_INET, hostname, &addrbuf) != 1 &&
+            inet_pton(AF_INET, servername, &addrbuf) != 1 &&
-            inet_pton(AF_INET6, hostname, &addrbuf) != 1) {
+            inet_pton(AF_INET6, servername, &addrbuf) != 1) {
-                if (SSL_set_tlsext_host_name(ctx->ssl_conn, hostname) == 0) {
+                if (SSL_set_tlsext_host_name(ctx->ssl_conn, servername) == 0) {
-                        tls_set_error(ctx, "SNI host name failed");
+                        tls_set_error(ctx, "server name indication failure");
                        goto err;
                }
        }
@@ -246,16 +246,16 @@ tls_connect_fds(struct tls *ctx, int fd_read, int fd_write,
        }
        ctx->flags &= ~TLS_CONNECTING;
-        if (ctx->config->verify_host) {
+        if (ctx->config->verify_name) {
                cert = SSL_get_peer_certificate(ctx->ssl_conn);
                if (cert == NULL) {
                        tls_set_error(ctx, "no server certificate");
                        goto err;
                }
-                if ((ret = tls_check_hostname(ctx, cert, hostname)) != 0) {
+                if ((ret = tls_check_servername(ctx, cert, servername)) != 0) {
                        if (ret != -2)
-                                tls_set_error(ctx, "host `%s' not present in"
+                                tls_set_error(ctx, "name `%s' not present in"
-                                    " server certificate", hostname);
+                                    " server certificate", servername);
                        goto err;
                }
        }

diff --git a/src/lib/libtls/tls_client.c b/src/lib/libtls/tls_client.c index 907c334f15..baa4805f57 100644 --- a/src/lib/libtls/tls_client.c +++ b/src/lib/libtls/tls_client.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls_client.c,v 1.13 2015/02/09 09:23:39 reyk Exp $ */	1	/* $OpenBSD: tls_client.c,v 1.14 2015/02/11 06:46:33 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -144,16 +144,16 @@ err:
144	}	144	}
145		145
146	int	146	int
147	tls_connect_socket(struct tls ctx, int s, const char hostname)	147	tls_connect_socket(struct tls ctx, int s, const char servername)
148	{	148	{
149	ctx->socket = s;	149	ctx->socket = s;
150		150
151	return tls_connect_fds(ctx, s, s, hostname);	151	return tls_connect_fds(ctx, s, s, servername);
152	}	152	}
153		153
154	int	154	int
155	tls_connect_fds(struct tls *ctx, int fd_read, int fd_write,	155	tls_connect_fds(struct tls *ctx, int fd_read, int fd_write,
156	const char *hostname)	156	const char *servername)
157	{	157	{
158	union { struct in_addr ip4; struct in6_addr ip6; } addrbuf;	158	union { struct in_addr ip4; struct in6_addr ip6; } addrbuf;
159	X509 *cert = NULL;	159	X509 *cert = NULL;
@@ -180,8 +180,8 @@ tls_connect_fds(struct tls *ctx, int fd_read, int fd_write,
180	if (tls_configure_ssl(ctx) != 0)	180	if (tls_configure_ssl(ctx) != 0)
181	goto err;	181	goto err;
182		182
183	if (ctx->config->verify_host) {	183	if (ctx->config->verify_name) {
184	if (hostname == NULL) {	184	if (servername == NULL) {
185	tls_set_error(ctx, "server name not specified");	185	tls_set_error(ctx, "server name not specified");
186	goto err;	186	goto err;
187	}	187	}
@@ -226,11 +226,11 @@ tls_connect_fds(struct tls *ctx, int fd_read, int fd_write,
226	* RFC4366 (SNI): Literal IPv4 and IPv6 addresses are not	226	* RFC4366 (SNI): Literal IPv4 and IPv6 addresses are not
227	* permitted in "HostName".	227	* permitted in "HostName".
228	*/	228	*/
229	if (hostname != NULL &&	229	if (servername != NULL &&
230	inet_pton(AF_INET, hostname, &addrbuf) != 1 &&	230	inet_pton(AF_INET, servername, &addrbuf) != 1 &&
231	inet_pton(AF_INET6, hostname, &addrbuf) != 1) {	231	inet_pton(AF_INET6, servername, &addrbuf) != 1) {
232	if (SSL_set_tlsext_host_name(ctx->ssl_conn, hostname) == 0) {	232	if (SSL_set_tlsext_host_name(ctx->ssl_conn, servername) == 0) {
233	tls_set_error(ctx, "SNI host name failed");	233	tls_set_error(ctx, "server name indication failure");
234	goto err;	234	goto err;
235	}	235	}
236	}	236	}
@@ -246,16 +246,16 @@ tls_connect_fds(struct tls *ctx, int fd_read, int fd_write,
246	}	246	}
247	ctx->flags &= ~TLS_CONNECTING;	247	ctx->flags &= ~TLS_CONNECTING;
248		248
249	if (ctx->config->verify_host) {	249	if (ctx->config->verify_name) {
250	cert = SSL_get_peer_certificate(ctx->ssl_conn);	250	cert = SSL_get_peer_certificate(ctx->ssl_conn);
251	if (cert == NULL) {	251	if (cert == NULL) {
252	tls_set_error(ctx, "no server certificate");	252	tls_set_error(ctx, "no server certificate");
253	goto err;	253	goto err;
254	}	254	}
255	if ((ret = tls_check_hostname(ctx, cert, hostname)) != 0) {	255	if ((ret = tls_check_servername(ctx, cert, servername)) != 0) {
256	if (ret != -2)	256	if (ret != -2)
257	tls_set_error(ctx, "host `%s' not present in"	257	tls_set_error(ctx, "name `%s' not present in"
258	" server certificate", hostname);	258	" server certificate", servername);
259	goto err;	259	goto err;
260	}	260	}
261	}	261	}