wolfssl: enable CN validation

author Eneas U de Queiroz <cotequeiroz@gmail.com>

Thu, 19 Sep 2019 02:18:03 +0000 (23:18 -0300)

committer Hauke Mehrtens <hauke@hauke-m.de>

Fri, 20 Sep 2019 18:48:34 +0000 (20:48 +0200)
author Eneas U de Queiroz <cotequeiroz@gmail.com>
Thu, 19 Sep 2019 02:18:03 +0000 (23:18 -0300)
committer Hauke Mehrtens <hauke@hauke-m.de>
Fri, 20 Sep 2019 18:48:34 +0000 (20:48 +0200)
diff --git a/CMakeLists.txt b/CMakeLists.txt

index 6b3fc8cec8a4ec881fb467fbba461295f786fda2..86e1b07886139c90f3e8b3f5cc4059a27bb8ed28 100644 (file)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -21,6 +21,12 @@ ELSEIF(WOLFSSL)
    IF (NOT HAVE_WOLFSSL_SSLSETIORECV)
      ADD_DEFINITIONS(-DNO_WOLFSSL_SSLSETIO_SEND_RECV)
    ENDIF()
+  CHECK_SYMBOL_EXISTS (wolfSSL_X509_check_host
+                      "wolfssl/options.h;wolfssl/ssl.h"
+                      HAVE_WOLFSSL_X509_CHECK_HOST)
+  IF (NOT HAVE_WOLFSSL_X509_CHECK_HOST)
+    ADD_DEFINITIONS(-DNO_X509_CHECK_HOST)
+  ENDIF()
  ELSE()
    SET(SSL_SRC ustream-io-openssl.c ustream-openssl.c)
    SET(SSL_LIB crypto ssl)
diff --git a/ustream-openssl.c b/ustream-openssl.c

index 21abf612ef18ae5098aeec099c40f79bf230d785..c8306184d2dff71a99aaa85ed46577c123158890 100644 (file)
--- a/ustream-openssl.c
+++ b/ustream-openssl.c
@@ -203,7 +203,7 @@ static void ustream_ssl_error(struct ustream_ssl *us, int ret)
         uloop_timeout_set(&us->error_timer, 0);
  }
  
-#ifndef WOLFSSL_OPENSSL_H_
+#ifndef NO_X509_CHECK_HOST
  
  static bool ustream_ssl_verify_cn(struct ustream_ssl *us, X509 *cert)
  {
@@ -212,10 +212,15 @@ static bool ustream_ssl_verify_cn(struct ustream_ssl *us, X509 *cert)
         if (!us->peer_cn)
                 return false;
  
+# ifndef WOLFSSL_OPENSSL_H_
         ret = X509_check_host(cert, us->peer_cn, 0, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS, NULL);
+# else
+       ret = wolfSSL_X509_check_host(cert, us->peer_cn, 0, 0, NULL);
+# endif
         return ret == 1;
  }
  
+#endif
  
  static void ustream_ssl_verify_cert(struct ustream_ssl *us)
  {
@@ -235,11 +240,12 @@ static void ustream_ssl_verify_cert(struct ustream_ssl *us)
                 return;
  
         us->valid_cert = true;
+#ifndef NO_X509_CHECK_HOST
         us->valid_cn = ustream_ssl_verify_cn(us, cert);
+#endif
         X509_free(cert);
  }
  
-#endif
  
  __hidden enum ssl_conn_status __ustream_ssl_connect(struct ustream_ssl *us)
  {
@@ -252,9 +258,7 @@ __hidden enum ssl_conn_status __ustream_ssl_connect(struct ustream_ssl *us)
                 r = SSL_connect(ssl);
  
         if (r == 1) {
-#ifndef WOLFSSL_OPENSSL_H_
                 ustream_ssl_verify_cert(us);
-#endif
                 return U_SSL_OK;
         }
author	Eneas U de Queiroz <cotequeiroz@gmail.com>
	Thu, 19 Sep 2019 02:18:03 +0000 (23:18 -0300)
committer	Hauke Mehrtens <hauke@hauke-m.de>
	Fri, 20 Sep 2019 18:48:34 +0000 (20:48 +0200)
CMakeLists.txt		patch \| blob \| history
ustream-openssl.c		patch \| blob \| history