From 86b8a56b053b0aa9a00a1cefc5cd2faeabcad40f Mon Sep 17 00:00:00 2001
From: Deomid Ryabkov <rojer@cesanta.com>
Date: Fri, 10 Aug 2018 14:31:21 +0300
Subject: [PATCH] Add host name verification for OpenSSL

Closes https://github.com/cesanta/mongoose/pull/955

CL: mg: Add host name verification for OpenSSL

PUBLISHED_FROM=e35dd636ba7ce63116f0a38031074d22f6cd5dac
---
 mongoose.c              | 19 +++++++++++--------
 src/mg_ssl_if_openssl.c | 19 +++++++++++--------
 2 files changed, 22 insertions(+), 16 deletions(-)

diff --git a/mongoose.c b/mongoose.c
index ddbed16bb..1088cbcf1 100644
--- a/mongoose.c
+++ b/mongoose.c
@@ -4425,6 +4425,9 @@ struct mg_iface *mg_socks_mk_iface(struct mg_mgr *mgr, const char *proxy_addr) {
 #endif
 
 #include <openssl/ssl.h>
+#ifndef KR_VERSION
+#include <openssl/tls1.h>
+#endif
 
 struct mg_ssl_if_ctx {
   SSL *ssl;
@@ -4509,14 +4512,6 @@ enum mg_ssl_if_result mg_ssl_if_conn_init(
     return MG_SSL_ERROR;
   }
 
-  if (params->server_name != NULL) {
-#ifdef KR_VERSION
-    SSL_CTX_kr_set_verify_name(ctx->ssl_ctx, params->server_name);
-#else
-/* TODO(rojer): Implement server name verification on OpenSSL. */
-#endif
-  }
-
   if (mg_set_cipher_list(ctx->ssl_ctx, params->cipher_suites) != MG_SSL_OK) {
     MG_SET_PTRPTR(err_msg, "Invalid cipher suite list");
     return MG_SSL_ERROR;
@@ -4535,6 +4530,14 @@ enum mg_ssl_if_result mg_ssl_if_conn_init(
     return MG_SSL_ERROR;
   }
 
+  if (params->server_name != NULL) {
+#ifdef KR_VERSION
+    SSL_CTX_kr_set_verify_name(ctx->ssl_ctx, params->server_name);
+#else
+    SSL_set_tlsext_host_name(ctx->ssl, params->server_name);
+#endif
+  }
+
   nc->flags |= MG_F_SSL;
 
   return MG_SSL_OK;
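Review bot: `SSL_set_tlsext_host_name(ctx->ssl, params->server_name)` only sets the SNI extension on the ClientHello; it does not make OpenSSL check the peer certificate against `server_name`, so the non-KR branch still performs no host name verification despite the commit title (the same applies to the matching hunk in src/mg_ssl_if_openssl.c). To actually verify the name, also bind it to the connection's verify parameters, e.g. `X509_VERIFY_PARAM_set1_host(SSL_get0_param(ctx->ssl), params->server_name, 0);` (OpenSSL 1.0.2+; `SSL_set1_host()` on 1.1.0+), which presumably only takes effect if the verify mode configured elsewhere in mg_ssl_if_conn_init includes SSL_VERIFY_PEER. Both calls return 0 on failure and the return value is ignored here; failing with `MG_SET_PTRPTR(err_msg, "Failed to set server name"); return MG_SSL_ERROR;` would match the error handling of the surrounding checks. mg_ssl_if_conn_init begins before this hunk.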
diff --git a/src/mg_ssl_if_openssl.c b/src/mg_ssl_if_openssl.c
index 2f3da5eac..ef8342fc3 100644
--- a/src/mg_ssl_if_openssl.c
+++ b/src/mg_ssl_if_openssl.c
@@ -10,6 +10,9 @@
 #endif
 
 #include <openssl/ssl.h>
+#ifndef KR_VERSION
+#include <openssl/tls1.h>
+#endif
 
 struct mg_ssl_if_ctx {
   SSL *ssl;
@@ -94,14 +97,6 @@ enum mg_ssl_if_result mg_ssl_if_conn_init(
     return MG_SSL_ERROR;
   }
 
-  if (params->server_name != NULL) {
-#ifdef KR_VERSION
-    SSL_CTX_kr_set_verify_name(ctx->ssl_ctx, params->server_name);
-#else
-/* TODO(rojer): Implement server name verification on OpenSSL. */
-#endif
-  }
-
   if (mg_set_cipher_list(ctx->ssl_ctx, params->cipher_suites) != MG_SSL_OK) {
     MG_SET_PTRPTR(err_msg, "Invalid cipher suite list");
     return MG_SSL_ERROR;
@@ -120,6 +115,14 @@ enum mg_ssl_if_result mg_ssl_if_conn_init(
     return MG_SSL_ERROR;
   }
 
+  if (params->server_name != NULL) {
+#ifdef KR_VERSION
+    SSL_CTX_kr_set_verify_name(ctx->ssl_ctx, params->server_name);
+#else
+    SSL_set_tlsext_host_name(ctx->ssl, params->server_name);
+#endif
+  }
+
   nc->flags |= MG_F_SSL;
 
   return MG_SSL_OK;
-- 
GitLab