set empty server name to skip server name verification
master
No known key found for this signature in database
GPG Key ID: 8241BE099775A097
2 changed files with
7 additions and
0 deletions
-
picotls/picotls.nim
-
quicp2p.nim
|
|
@ -285,3 +285,7 @@ proc ptls_load_certificates*(ctx: ptr ptls_context_t, cert_pem_file: cstring): |
|
|
|
|
|
|
|
proc ptls_get_data_ptr*(tls: ptr ptls_t): ptr pointer |
|
|
|
{.importc, header: "picotls.h", cdecl.} |
|
|
|
|
|
|
|
proc ptls_set_server_name*(tls: ptr ptls_t, server_name: cstring, |
|
|
|
server_name_len: csize_t): cint |
|
|
|
{.importc, header: "picotls.h", cdecl.} |
|
|
|
|
|
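Review bot: The new `ptls_set_server_name` binding carries no doc comment, and its `cint` result is the only way a caller can tell that the name was not applied; the only caller on this page discards it. I'd put `## Binds picotls ptls_set_server_name; a nil name with length 0 clears the server name so the verifier performs no server-name check. The result is picotls' status code and should be checked, not discarded.` above the pragma line so the contract is visible at the binding rather than rediscovered at each call site. The exact non-zero values are picotls-defined and not shown here, so the comment should stay at "non-zero means failure" unless the binding also imports the error constants.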
@ -165,6 +165,9 @@ proc verifyCerts(self: ptr ptls_verify_certificate_t, tls: ptr ptls_t, |
|
|
|
return PTLS_ALERT_BAD_CERTIFICATE |
|
|
|
let store = X509_STORE_new() |
|
|
|
discard X509_STORE_add_cert(store, caCert) |
|
|
|
# empty server name makes picotls skip server name verification |
|
|
|
#FIXME: should we use the peer ID as server name? |
|
|
|
discard ptls_set_server_name(tls, nil, 0) |
|
|
|
var opensslVerifier: ptls_openssl_verify_certificate_t |
|
|
|
discard ptls_openssl_init_verify_certificate(addr opensslVerifier, store) |
|
|
|
result = opensslVerifier.super.cb(addr opensslVerifier.super, tls, |
|
|
|
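Review bot: The result of `ptls_set_server_name(tls, nil, 0)` is discarded, so if picotls fails to clear the name the callback silently goes on to verify against whatever name was set earlier, and nothing reports that the intended configuration was not applied. Since this call decides what the OpenSSL verifier checks, I'd change it to `if ptls_set_server_name(tls, nil, 0) != 0: return PTLS_ALERT_BAD_CERTIFICATE` (or whichever failure alert the binding exposes), matching the early return already used above. With the server name cleared, the only remaining check is that the peer's chain leads to `caCert`, so any certificate issued under that CA is accepted for any peer; the FIXME hints at this, and I'd extend the comment to `# empty server name makes picotls skip server name verification; peer identity is NOT established here and must be bound by the caller (see FIXME below)` so the next reader does not take this callback for a full identity check. `verifyCerts` begins before this hunk and continues after it.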