From 3e18624e953b3e767a43a5915cdebcbcc1d48c7a Mon Sep 17 00:00:00 2001
From: tb <>
Date: Tue, 26 Jan 2021 18:43:41 +0000
Subject: Prepare to provide SSL_set_hostflags()

Yet another one of these X509_VERIFY_PARAM reacharounds into
libcrypto. Recently found in imapfilter, also used elsewhere.
Will be made publicly visible with the next minor bump.

ok jsing
---
 src/lib/libssl/ssl.h     | 3 ++-
 src/lib/libssl/ssl_lib.c | 8 +++++++-
 2 files changed, 9 insertions(+), 2 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index a6ac6a1825..425ba50c14 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.179 2020/10/14 16:49:57 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.180 2021/01/26 18:43:41 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1444,6 +1444,7 @@ int SSL_CTX_set_trust(SSL_CTX *s, int trust);
 int SSL_set_trust(SSL *s, int trust);
 int SSL_set1_host(SSL *s, const char *hostname);
 #if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+void SSL_set_hostflags(SSL *s, unsigned int flags);
 const char *SSL_get0_peername(SSL *s);
 #endif
 
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index e0e0ae4ff1..3a69adbc27 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.241 2021/01/26 14:22:19 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.242 2021/01/26 18:43:41 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -469,6 +469,12 @@ SSL_set1_host(SSL *s, const char *hostname)
 		return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0);
 }
 
+void
+SSL_set_hostflags(SSL *s, unsigned int flags)
+{
+	X509_VERIFY_PARAM_set_hostflags(s->param, flags);
+}
+
 const char *
 SSL_get0_peername(SSL *s)
 {
-- 
cgit v1.2.3-55-g6feb