Fix IP address verification in TLS certificate.
GitOrigin-RevId: 5275f8be34e9459a13a87e6fbd056754ceb515d4
This commit is contained in:
parent
7bdff46710
commit
842e2033b7
@ -27,6 +27,9 @@ int main(int argc, char *argv[]) {
|
||||
scheduler
|
||||
->create_actor_unsafe<td::Wget>(0, "Client",
|
||||
td::PromiseCreator::lambda([](td::Result<td::unique_ptr<td::HttpQuery>> res) {
|
||||
if (res.is_error()) {
|
||||
LOG(FATAL) << res.error();
|
||||
}
|
||||
LOG(ERROR) << *res.ok();
|
||||
td::Scheduler::instance()->finish();
|
||||
}),
|
||||
|
@ -323,10 +323,13 @@ class SslStreamImpl {
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
X509_VERIFY_PARAM *param = SSL_get0_param(ssl_handle);
|
||||
/* Enable automatic hostname checks */
|
||||
// TODO: X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS
|
||||
X509_VERIFY_PARAM_set_hostflags(param, 0);
|
||||
X509_VERIFY_PARAM_set1_host(param, host.c_str(), 0);
|
||||
if (r_ip_address.is_ok()) {
|
||||
X509_VERIFY_PARAM_set1_ip_asc(param, r_ip_address.ok().get_ip_str().c_str());
|
||||
// X509_VERIFY_PARAM_set1_host(param, host.c_str(), 0);
|
||||
} else {
|
||||
X509_VERIFY_PARAM_set1_host(param, host.c_str(), 0);
|
||||
}
|
||||
#else
|
||||
#warning DANGEROUS! HTTPS HOST WILL NOT BE CHECKED. INSTALL OPENSSL >= 1.0.2 OR IMPLEMENT HTTPS HOST CHECK MANUALLY
|
||||
#endif
|
||||
|
@ -521,9 +521,9 @@ string IPAddress::ipv6_to_str(Slice ipv6) {
|
||||
return ::td::get_ip_str(AF_INET6, ipv6.ubegin()).str();
|
||||
}
|
||||
|
||||
Slice IPAddress::get_ip_str() const {
|
||||
CSlice IPAddress::get_ip_str() const {
|
||||
if (!is_valid()) {
|
||||
return Slice("0.0.0.0");
|
||||
return CSlice("0.0.0.0");
|
||||
}
|
||||
|
||||
switch (get_address_family()) {
|
||||
@ -533,7 +533,7 @@ Slice IPAddress::get_ip_str() const {
|
||||
return ::td::get_ip_str(AF_INET, &ipv4_addr_.sin_addr);
|
||||
default:
|
||||
UNREACHABLE();
|
||||
return Slice();
|
||||
return CSlice();
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -42,7 +42,7 @@ class IPAddress {
|
||||
string get_ipv6() const;
|
||||
|
||||
// returns result in a static thread-local buffer, which may be overwritten by any subsequent method call
|
||||
Slice get_ip_str() const;
|
||||
CSlice get_ip_str() const;
|
||||
|
||||
static string ipv4_to_str(uint32 ipv4);
|
||||
static string ipv6_to_str(Slice ipv6);
|
||||
|
Loading…
Reference in New Issue
Block a user