MIRROR: javascript for 🐜's, a tiny runtime with big ambitions
fix IP certificate verification

+19 -2
+19 -2
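--- a/vendor/packagefiles/tlsuv/src/boringssl/engine.c
+++ b/vendor/packagefiles/tlsuv/src/boringssl/engine.c
@@ -4,6 +4,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <sys/stat.h>
+#include <uv.h>
 
 #include "../alloc.h"
 #include "../keychain.h"
@@ -48,6 +49,7 @@
 };
 
 static int is_self_signed(X509 *cert);
+static bool host_is_ip_literal(const char *host);
 static const char *name_str(const X509_NAME *n);
 static void init_ssl_context(struct boringssl_ctx *c, const char *cabuf, size_t cabuf_len);
 static int tls_set_own_cert(tls_context *ctx, tlsuv_private_key_t key, tlsuv_certificate_t cert);
@@ -450,12 +452,27 @@
     engine->api = boringssl_engine_api;
     engine->ssl = SSL_new(context->ctx);
 
-    SSL_set_tlsext_host_name(engine->ssl, host);
-    SSL_set1_host(engine->ssl, host);
+    if (host && *host) {
+        if (host_is_ip_literal(host)) {
+            X509_VERIFY_PARAM_set1_ip_asc(SSL_get0_param(engine->ssl), host);
+        } else {
+            SSL_set_tlsext_host_name(engine->ssl, host);
+            SSL_set1_host(engine->ssl, host);
+        }
+    }
     SSL_set_connect_state(engine->ssl);
     SSL_set_app_data(engine->ssl, engine);
 
     return &engine->api;
+}
+
+static bool host_is_ip_literal(const char *host) {
+    struct sockaddr_in addr4;
+    struct sockaddr_in6 addr6;
+
+    return host != NULL &&
+           (uv_inet_pton(AF_INET, host, &addr4.sin_addr) == 0 ||
+            uv_inet_pton(AF_INET6, host, &addr6.sin6_addr) == 0);
 }
 
 static void set_io(tlsuv_engine_t self, io_ctx io, io_read rdf, io_write wrtf) {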
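Review bot: The result of `X509_VERIFY_PARAM_set1_ip_asc(...)` in the new IP branch is discarded, so if it returns 0 the session has neither an expected IP nor an expected hostname and the handshake is left with chain validation only. This can happen whenever the two parsers disagree: `host_is_ip_literal` relies on `uv_inet_pton`, which as far as I know accepts an IPv6 literal with a `%scope` suffix, while the X509 parser is likely to reject that string. The branch should fail closed, for example `if (X509_VERIFY_PARAM_set1_ip_asc(SSL_get0_param(engine->ssl), host) != 1) { /* release engine->ssl and report the error to the caller */ }`. The enclosing function starts outside the hunk, so its error-return convention is not visible here and should be confirmed. The `SSL_set1_host` result in the hostname branch is unchecked in the same way and deserves the same treatment.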