andreacavalli/tdlib-fork
Archived
1
0
Fork 0
Code Pull Requests Releases Activity

Fix IP address verification in TLS certificate.

Browse Source 
GitOrigin-RevId: 5275f8be34e9459a13a87e6fbd056754ceb515d4
This commit is contained in:
levlam 2020-05-16 18:43:49 +03:00
parent 7bdff46710
commit 842e2033b7
4 changed files with 13 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
benchmark/wget.cpp
View File

@ -27,6 +27,9 @@ int main(int argc, char *argv[]) {
scheduler scheduler
->create_actor_unsafe<td::Wget>(0, "Client", ->create_actor_unsafe<td::Wget>(0, "Client",
td::PromiseCreator::lambda([](td::Result<td::unique_ptr<td::HttpQuery>> res) { td::PromiseCreator::lambda([](td::Result<td::unique_ptr<td::HttpQuery>> res) {
if (res.is_error()) {
LOG(FATAL) << res.error();
}
LOG(ERROR) << *res.ok(); LOG(ERROR) << *res.ok();
td::Scheduler::instance()->finish(); td::Scheduler::instance()->finish();
}), }),

9
tdnet/td/net/SslStream.cpp
View File

@ -323,10 +323,13 @@ class SslStreamImpl {
#if OPENSSL_VERSION_NUMBER >= 0x10002000L #if OPENSSL_VERSION_NUMBER >= 0x10002000L
X509_VERIFY_PARAM *param = SSL_get0_param(ssl_handle); X509_VERIFY_PARAM *param = SSL_get0_param(ssl_handle);
/* Enable automatic hostname checks */
// TODO: X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS
X509_VERIFY_PARAM_set_hostflags(param, 0); X509_VERIFY_PARAM_set_hostflags(param, 0);
X509_VERIFY_PARAM_set1_host(param, host.c_str(), 0); if (r_ip_address.is_ok()) {
X509_VERIFY_PARAM_set1_ip_asc(param, r_ip_address.ok().get_ip_str().c_str());
// X509_VERIFY_PARAM_set1_host(param, host.c_str(), 0);
} else {
X509_VERIFY_PARAM_set1_host(param, host.c_str(), 0);
}
#else #else
#warning DANGEROUS! HTTPS HOST WILL NOT BE CHECKED. INSTALL OPENSSL >= 1.0.2 OR IMPLEMENT HTTPS HOST CHECK MANUALLY #warning DANGEROUS! HTTPS HOST WILL NOT BE CHECKED. INSTALL OPENSSL >= 1.0.2 OR IMPLEMENT HTTPS HOST CHECK MANUALLY
#endif #endif

6
tdutils/td/utils/port/IPAddress.cpp
View File

@ -521,9 +521,9 @@ string IPAddress::ipv6_to_str(Slice ipv6) {
return ::td::get_ip_str(AF_INET6, ipv6.ubegin()).str(); return ::td::get_ip_str(AF_INET6, ipv6.ubegin()).str();
} }
Slice IPAddress::get_ip_str() const { CSlice IPAddress::get_ip_str() const {
if (!is_valid()) { if (!is_valid()) {
return Slice("0.0.0.0"); return CSlice("0.0.0.0");
} }
switch (get_address_family()) { switch (get_address_family()) {
@ -533,7 +533,7 @@ Slice IPAddress::get_ip_str() const {
return ::td::get_ip_str(AF_INET, &ipv4_addr_.sin_addr); return ::td::get_ip_str(AF_INET, &ipv4_addr_.sin_addr);
default: default:
UNREACHABLE(); UNREACHABLE();
return Slice(); return CSlice();
} }
} }

2
tdutils/td/utils/port/IPAddress.h
View File

@ -42,7 +42,7 @@ class IPAddress {
string get_ipv6() const; string get_ipv6() const;
// returns result in a static thread-local buffer, which may be overwritten by any subsequent method call // returns result in a static thread-local buffer, which may be overwritten by any subsequent method call
Slice get_ip_str() const; CSlice get_ip_str() const;
static string ipv4_to_str(uint32 ipv4); static string ipv4_to_str(uint32 ipv4);
static string ipv6_to_str(Slice ipv6); static string ipv6_to_str(Slice ipv6);