set empty server name to skip server name verification

master
Christian Ulrich 2020-11-09 15:39:49 +01:00
parent 3f13c06a9f
commit 1840908ba5
No known key found for this signature in database
GPG Key ID: 8241BE099775A097
2 changed files with 7 additions and 0 deletions

View File

@ -285,3 +285,7 @@ proc ptls_load_certificates*(ctx: ptr ptls_context_t, cert_pem_file: cstring):
proc ptls_get_data_ptr*(tls: ptr ptls_t): ptr pointer
{.importc, header: "picotls.h", cdecl.}
proc ptls_set_server_name*(tls: ptr ptls_t, server_name: cstring,
server_name_len: csize_t): cint
{.importc, header: "picotls.h", cdecl.}

View File

@ -165,6 +165,9 @@ proc verifyCerts(self: ptr ptls_verify_certificate_t, tls: ptr ptls_t,
return PTLS_ALERT_BAD_CERTIFICATE
let store = X509_STORE_new()
discard X509_STORE_add_cert(store, caCert)
# empty server name makes picotls skip server name verification
#FIXME: should we use the peer ID as server name?
discard ptls_set_server_name(tls, nil, 0)
var opensslVerifier: ptls_openssl_verify_certificate_t
discard ptls_openssl_init_verify_certificate(addr opensslVerifier, store)
result = opensslVerifier.super.cb(addr opensslVerifier.super, tls,