cgmnlm


commit ce1ef1abde0d5519e0464f9326edea01b73a845f
parent 77de1bb2a84e0980d23b7fc2dda1480a1093ca21
Author: Drew DeVault <sir@cmpwn.com>
Date:   Sun, 27 Sep 2020 11:40:49 -0400

TOFU: verify hostnames

Diffstat:
Msrc/tofu.c | 9+++++++--
1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/tofu.c b/src/tofu.c
@@ -6,6 +6,7 @@
 #include <openssl/evp.h>
 #include <openssl/ssl.h>
 #include <openssl/x509.h>
+#include <openssl/x509v3.h>
 #include <stdio.h>
 #include <string.h>
 #include <time.h>
@@ -27,8 +28,6 @@ verify_callback(X509_STORE_CTX *ctx, void *data)
 	//
 	// If you're reading this code with the intent to re-use it, think
 	// twice.
-	//
-	// TODO: Check that the subject name is valid for the requested URL.
 	struct gemini_tofu *tofu = (struct gemini_tofu *)data;
 	X509 *cert = X509_STORE_CTX_get0_cert(ctx);
 	struct known_host *host = NULL;
@@ -74,6 +73,12 @@ verify_callback(X509_STORE_CTX *ctx, void *data)
 		goto invalid_cert;
 	}
 
+	rc = X509_check_host(cert, servername, strlen(servername), 0, NULL);
+	if (rc != 1) {
+		rc = X509_V_ERR_HOSTNAME_MISMATCH;
+		goto invalid_cert;
+	}
+
 	time_t now;
 	time(&now);