mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-02 04:06:38 +02:00

Add SNI support. Verify TLS certificate belongs to the host.

(Those were items 7 and 8 on the previously mentioned TODO list)
Bram Matthys
2021-08-21 13:30:36 +02:00
parent 6a6f4120ee
commit fe08d58dbc
+9 -1
@@ -251,7 +251,7 @@ void unreal_https_connect_handshake(int fd, int revents, void *data)
SSL_set_fd(handle->ssl, handle->fd);
SSL_set_connect_state(handle->ssl);
SSL_set_nonblocking(handle->ssl);
// TODO SNI: SSL_set_tlsext_host_name(handle->ssl, hostname)
SSL_set_tlsext_host_name(handle->ssl, handle->hostname);
if (https_connect(handle) < 0)
{
@@ -314,6 +314,7 @@ void https_connect_retry(int fd, int revents, void *data)
int https_connect(Download *handle)
{
int ssl_err;
char *errstr;
if ((ssl_err = SSL_connect(handle->ssl)) <= 0)
{
@@ -345,6 +346,13 @@ int https_connect(Download *handle)
return -1;
}
/* We are connected now. */
if (!verify_certificate(handle->ssl, handle->hostname, &errstr))
{
https_cancel(handle, "TLS Certificate error for server: %s", errstr);
return -1;
}
https_connect_send_header(handle);
return 1;
}
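Review bot: In the third hunk `errstr` is declared uninitialised in `https_connect` and then formatted with `%s` in the `https_cancel` call, so the failure path relies on `verify_certificate` always storing a message before it returns 0; that function is not visible here. Declaring it as `char *errstr = NULL;` and passing `errstr ? errstr : "unknown error"` would keep that path defined even if the contract changes. A short comment above the check should also state whether `verify_certificate` validates the certificate chain as well as the hostname, because a name match on an unverified certificate does not authenticate the download server. In the first hunk the return value of `SSL_set_tlsext_host_name` is ignored, and `handle->hostname` may presumably be an IP literal, for which SNI should not be sent; both hunks show only part of their enclosing functions.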