From a775f57e4c2cdc0d9d374784c2087f09465a8a0b Mon Sep 17 00:00:00 2001
From: tb <>
Date: Sun, 11 Nov 2018 06:58:14 +0000
Subject: Add SSL_set1_host(), a thin wrapper around X509_VERIFY_PARAM_set1_host(). Used by unbound's DNS over TLS implementation to do server name verification. ok jsing
---
 src/lib/libssl/Symbols.list | 1 +
 src/lib/libssl/ssl.h | 3 ++-
 src/lib/libssl/ssl_lib.c | 8 +++++++-
 3 files changed, 10 insertions(+), 2 deletions(-)
(limited to 'src')
diff --git a/src/lib/libssl/Symbols.list b/src/lib/libssl/Symbols.list
index c66024e21d..4508a362d1 100644
--- a/src/lib/libssl/Symbols.list
+++ b/src/lib/libssl/Symbols.list
@@ -244,6 +244,7 @@ SSL_rstate_string_long
 SSL_select_next_proto
 SSL_set1_groups
 SSL_set1_groups_list
+SSL_set1_host
 SSL_set1_param
 SSL_set_SSL_CTX
 SSL_set_accept_state
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 4c8328fb80..ba5241850f 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.161 2018/11/07 01:53:36 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.162 2018/11/11 06:58:14 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1385,6 +1385,7 @@ int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
 int SSL_set_purpose(SSL *s, int purpose);
 int SSL_CTX_set_trust(SSL_CTX *s, int trust);
 int SSL_set_trust(SSL *s, int trust);
+int SSL_set1_host(SSL *s, const char *hostname);
 X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx);
 int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 31d411c429..66e14b9816 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.192 2018/11/10 01:19:09 beck Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.193 2018/11/11 06:58:14 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -453,6 +453,12 @@ SSL_set_trust(SSL *s, int trust)
 return (X509_VERIFY_PARAM_set_trust(s->param, trust));
 }
+int
+SSL_set1_host(SSL *s, const char *hostname)
+{
+ return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0);
+}
+
 X509_VERIFY_PARAM *
 SSL_CTX_get0_param(SSL_CTX *ctx)
 {
-- cgit v1.2.3-55-g6feb
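Review bot: The new `SSL_set1_host()` forwards `hostname` with a length of 0 and carries no comment on what that implies for callers, which matters because this is the entry point for server name verification. With a zero length the name is measured as a NUL-terminated string, and per the documented behaviour of X509_VERIFY_PARAM_set1_host() a NULL or empty name clears the expected host list and still returns 1, so a caller that passes an unset configuration value gets a success return and no name check. I would add a comment above the function such as `/* hostname must be NUL-terminated; NULL or "" clears the expected name, so no name check is done. */`, and callers should reject an empty name before calling and test the return value. It is also worth stating in the manual page (none is added in this commit, going by the diffstat) that the name is only enforced when peer verification is enabled with SSL_VERIFY_PEER, and that, as far as I can tell, an IP literal passed here is matched as a DNS name rather than against iPAddress entries, for which X509_VERIFY_PARAM_set1_ip_asc() exists.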