tdlight-team/tdlight
tdlight-team/tdlight
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add option for checking IP address in the certificate as host.

Browse Source 
GitOrigin-RevId: dba5b87a59f3d3d3241051ee0257a5786fdf4fb0
This commit is contained in:
levlam 2020-09-14 03:58:57 +03:00
parent 3ae535eae7
commit a74d02f412
2 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
tdnet/td/net/SslStream.cpp
View File

@ -291,7 +291,7 @@ Result<SslCtx> create_ssl_ctx(CSlice cert_file, SslStream::VerifyPeer verify_pee
class SslStreamImpl {
public:
Status init(CSlice host, CSlice cert_file, SslStream::VerifyPeer verify_peer) {
Status init(CSlice host, CSlice cert_file, SslStream::VerifyPeer verify_peer, bool check_ip_address_as_host) {
static bool init_openssl = [] {
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
return OPENSSL_init_ssl(0, nullptr) != 0;
@ -317,7 +317,7 @@ class SslStreamImpl {
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
X509_VERIFY_PARAM *param = SSL_get0_param(ssl_handle.get());
X509_VERIFY_PARAM_set_hostflags(param, 0);
if (r_ip_address.is_ok()) {
if (r_ip_address.is_ok() && !check_ip_address_as_host) {
LOG(DEBUG) << "Set verification IP address to " << r_ip_address.ok().get_ip_str();
X509_VERIFY_PARAM_set1_ip_asc(param, r_ip_address.ok().get_ip_str().c_str());
} else {
@ -509,9 +509,10 @@ SslStream::SslStream(SslStream &&) = default;
SslStream &SslStream::operator=(SslStream &&) = default;
SslStream::~SslStream() = default;
Result<SslStream> SslStream::create(CSlice host, CSlice cert_file, VerifyPeer verify_peer) {
Result<SslStream> SslStream::create(CSlice host, CSlice cert_file, VerifyPeer verify_peer,
bool use_ip_address_as_host) {
auto impl = make_unique<detail::SslStreamImpl>();
TRY_STATUS(impl->init(host, cert_file, verify_peer));
TRY_STATUS(impl->init(host, cert_file, verify_peer, use_ip_address_as_host));
return SslStream(std::move(impl));
}
SslStream::SslStream(unique_ptr<detail::SslStreamImpl> impl) : impl_(std::move(impl)) {

3
tdnet/td/net/SslStream.h
View File

@ -25,7 +25,8 @@ class SslStream {
enum class VerifyPeer { On, Off };
static Result<SslStream> create(CSlice host, CSlice cert_file = CSlice(), VerifyPeer verify_peer = VerifyPeer::On);
static Result<SslStream> create(CSlice host, CSlice cert_file = CSlice(), VerifyPeer verify_peer = VerifyPeer::On,
bool check_ip_address_as_host = false);
ByteFlowInterface &read_byte_flow();
ByteFlowInterface &write_byte_flow();