From 53b67cf53ae755b09e315a3bd30e87b66c4ea769 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Wed, 11 Feb 2015 07:01:10 +0000
Subject: Provide a tls_connect_servername() function that has the same behaviour as tls_connect(), however allows the name to use for verification to be explicitly provided, rather than being inferred from the host value. Requested by reyk@ ok reyk@ tedu@
---
 src/lib/libtls/tls_client.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
(limited to 'src/lib/libtls/tls_client.c')
diff --git a/src/lib/libtls/tls_client.c b/src/lib/libtls/tls_client.c
index baa4805f57..682153ca65 100644
--- a/src/lib/libtls/tls_client.c
+++ b/src/lib/libtls/tls_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_client.c,v 1.14 2015/02/11 06:46:33 jsing Exp $ */
+/* $OpenBSD: tls_client.c,v 1.15 2015/02/11 07:01:10 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing
 *
@@ -82,6 +82,13 @@ tls_connect_host(struct tls *ctx, const char *host, const char *port,
 
 int
 tls_connect(struct tls *ctx, const char *host, const char *port)
+{
+ return tls_connect_servername(ctx, host, port, NULL);
+}
+
+int
+tls_connect_servername(struct tls *ctx, const char *host, const char *port,
+ const char *servername)
 {
 const char *h = NULL, *p = NULL;
 char *hs = NULL, *ps = NULL;
@@ -128,7 +135,10 @@ tls_connect(struct tls *ctx, const char *host, const char *port)
 (s = tls_connect_host(ctx, h, p, AF_UNSPEC, AI_ADDRCONFIG)) == -1)
 goto err;
 
- if (tls_connect_socket(ctx, s, h) != 0) {
+ if (servername == NULL)
+ servername = h;
+
+ if (tls_connect_socket(ctx, s, servername) != 0) {
 close(s);
 goto err;
 }
@@ -136,7 +146,6 @@ tls_connect(struct tls *ctx, const char *host, const char *port)
 rv = 0;
 
 err:
-
 free(hs);
 free(ps);
 
-- 
cgit v1.2.3-55-g6feb
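Review bot: tls_connect_servername() is a new public entry point with no comment saying what `servername` controls, and that matters because the name checked against the peer is now separate from the `host` that is actually dialled. I would add a short comment above the definition stating that `servername` is the name handed to tls_connect_socket() (per the commit message, the name used for verification), that NULL falls back to the parsed host, and that callers should take it from trusted configuration rather than from the same untrusted input that selected `host`. Without that, a caller that copies the name from a redirect or a lookup result can end up verifying the certificate against a name the remote side chose. The function body continues past the end of this hunk.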
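Review bot: The fallback at `if (servername == NULL)` treats only NULL as "not provided", so an empty string supplied by a caller is passed to tls_connect_socket() as the server name. How tls_connect_socket() handles an empty name is not visible in this diff, so it may already fail closed, but the contract would be clearer if the function rejected it explicitly before the socket is opened, for example `if (servername != NULL && servername[0] == '\0') goto err;` placed with the early argument checks and preceded by setting the context error. It sits at this point in the hunk only because the fallback does; the check belongs earlier, so that the `err:` path is reached without a descriptor to close. The enclosing function starts and ends outside this hunk.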