author | Otto Moerbeek <otto@cvs.openbsd.org> | 2019-11-04 19:17:29 +0000 |
---|---|---|
committer | Otto Moerbeek <otto@cvs.openbsd.org> | 2019-11-04 19:17:29 +0000 |
commit | fed23313417b1ce525ab99a7dc66a5a75e80520d (patch) | |
tree | 97fa4fdcd2d5834468f42ecd46a22c987d6c6085 /lib/libssl/ssl_lib.c | |
parent | a02fd51df7bcf7fce882fbdf0b378cffdac2f01b (diff) |
Allow ip addresses as argument to SSL_set1_host() but be careful to not
poison the context. ok and help jsing@ tb@
Diffstat (limited to 'lib/libssl/ssl_lib.c')
-rw-r--r-- | lib/libssl/ssl_lib.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index bf370cbfb24..32c1aef017c 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.205 2019/05/15 09:13:16 bcook Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.206 2019/11/04 19:17:28 otto Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -140,6 +140,10 @@
 * OTHERWISE.
 */

+#include <arpa/inet.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+
 #include <stdio.h>

 #include "ssl_locl.h"
@@ -456,7 +460,15 @@ SSL_set_trust(SSL *s, int trust)
 int
 SSL_set1_host(SSL *s, const char *hostname)
 {
- return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0);
+ struct in_addr ina;
+ struct in6_addr in6a;
+
+ if (hostname != NULL && *hostname != '\0' &&
+ (inet_pton(AF_INET, hostname, &ina) == 1 ||
+ inet_pton(AF_INET6, hostname, &in6a) == 1))
+ return X509_VERIFY_PARAM_set1_ip_asc(s->param, hostname);
+ else
+ return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0);
 }

 X509_VERIFY_PARAM * |
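Review bot: In the new body of SSL_set1_host(), neither branch resets the identity that the other branch stores in `s->param`, so the outcome of a call depends on what an earlier call on the same SSL left behind. An IP literal goes to `X509_VERIFY_PARAM_set1_ip_asc()`, while everything else, including NULL and the empty string, goes to `X509_VERIFY_PARAM_set1_host()`; a caller that passes NULL to drop the expected peer name would therefore appear to leave a previously set address in place. How the verifier treats a param holding both is outside this hunk, so that should be confirmed and stated rather than left implicit. At minimum I would add a comment above the `if`, for example `/* An IP literal is checked as an address (iPAddress SAN), anything else as a host name; the other setting in s->param is left as it was. */`.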