From 651fd4ea3d7f2b4a6215363b8be40103ef4df363 Mon Sep 17 00:00:00 2001
From: otto <>
Date: Mon, 4 Nov 2019 19:17:28 +0000
Subject: Allow ip addresses as argument to SSL_set1_host() but be careful to not poison the context. ok and help jsing@ tb@
---
 src/lib/libssl/ssl_lib.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
(limited to 'src/lib')
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index bf370cbfb2..32c1aef017 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.205 2019/05/15 09:13:16 bcook Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.206 2019/11/04 19:17:28 otto Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -140,6 +140,10 @@
 * OTHERWISE.
 */
+#include
+#include
+#include
+
 #include
 #include "ssl_locl.h"
@@ -456,7 +460,15 @@ SSL_set_trust(SSL *s, int trust)
 int
 SSL_set1_host(SSL *s, const char *hostname)
 {
- return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0);
+ struct in_addr ina;
+ struct in6_addr in6a;
+
+ if (hostname != NULL && *hostname != '\0' &&
+ (inet_pton(AF_INET, hostname, &ina) == 1 ||
+ inet_pton(AF_INET6, hostname, &in6a) == 1))
+ return X509_VERIFY_PARAM_set1_ip_asc(s->param, hostname);
+ else
+ return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0);
 }
 X509_VERIFY_PARAM *
-- cgit v1.2.3-55-g6feb
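Review bot: In SSL_set1_host(), the IP branch and the hostname branch each set one kind of expected identity on s->param, and nothing visible in this hunk resets the other kind, so calling the function twice on the same SSL (first with a name, later with an address, or the reverse) may leave a stale identity in place for certificate verification. Whether that produces a spurious verification failure or a check against an identity the caller no longer intends depends on X509_VERIFY_PARAM internals outside this hunk, so it should be confirmed there. If both setters accept a NULL reset without poisoning the param, consider `X509_VERIFY_PARAM_set1_host(s->param, NULL, 0);` before the `set1_ip_asc` call and `X509_VERIFY_PARAM_set1_ip(s->param, NULL, 0);` before the `set1_host` call. A short comment above the `if` would also help the next reader, e.g. `/* Pre-check with inet_pton() so only a valid address reaches set1_ip_asc(); per the commit message a failed set must not poison the param. */`.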