Diffstat (limited to 'tls_compat.c')
| -rw-r--r-- | tls_compat.c | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/tls_compat.c b/tls_compat.c
index 94b2528..3a0242d 100644
--- a/tls_compat.c
+++ b/tls_compat.c
@@ -44,6 +44,7 @@ tls_config_new(void)
 
 	SSL_CTX_set_options(ctx, SSL_OP_LEGACY_SERVER_CONNECT);
 	SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
+	SSL_CTX_set_default_verify_paths(ctx);
 
 	return config;
 }
@@ -224,6 +225,32 @@ tls_handshake(tls_t ctx)
 }
 
 int
+tls_verify_hostname(tls_t ctx, const char *hostname)
+{
+	X509 *cert;
+	long verify_result;
+
+	if (global_tls_config == NULL || global_tls_config->noverifyname)
+		return 0;
+
+	verify_result = SSL_get_verify_result(ctx->ssl);
+	if (verify_result != X509_V_OK)
+		return -1;
+
+	cert = SSL_get_peer_certificate(ctx->ssl);
+	if (cert == NULL)
+		return -1;
+
+	if (X509_check_host(cert, hostname, 0, 0, NULL) != 1) {
+		X509_free(cert);
+		return -1;
+	}
+
+	X509_free(cert);
+	return 0;
+}
+
+int
 tls_read(tls_t ctx, void *buf, size_t buflen)
 {
 	return SSL_read(ctx->ssl, buf, buflen);
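Review bot: The return value of `SSL_CTX_set_default_verify_paths(ctx)` is discarded, so if the default CA file or directory cannot be loaded the failure only shows up later as every connection failing verification (SSL_VERIFY_PEER is set on the line just above) with nothing pointing at the cause. The call returns 1 on success and 0 on failure; check it with `if (SSL_CTX_set_default_verify_paths(ctx) != 1)` and take the same error path tls_config_new uses elsewhere — its body starts and ends outside this hunk, so that convention is not visible here. A short comment on the line, such as `/* trust the library's default CA store; if this fails nothing will verify */`, would also make the intent explicit.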
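Review bot: `tls_verify_hostname` fails open when `global_tls_config == NULL`: the first `if` returns 0 (success) without consulting `SSL_get_verify_result()` or the peer certificate, so a caller that never initialised the global config gets a connection that looks verified. Only the `noverifyname` case reads as an intended skip; split the condition so a missing config is an error: `if (global_tls_config == NULL) return -1;` followed by `if (global_tls_config->noverifyname) return 0;`. Two smaller points on the `X509_check_host(cert, hostname, 0, 0, NULL)` call: if callers can pass an IP literal (plausible for a compat shim, worth confirming against the callers), it needs `X509_check_ip_asc()` instead, because X509_check_host only matches dNSName SANs and the CN; and flags `0` accept partial wildcards like `f*.example.com`, where `X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS` is the usual hardening. `SSL_get_peer_certificate()` is also deprecated in OpenSSL 3.0 in favour of `SSL_get1_peer_certificate()`, which matters only if the project builds with deprecation warnings as errors.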