Browse Source

set empty server name to skip server name verification

master
Christian Ulrich 1 year ago
parent
commit
1840908ba5
No known key found for this signature in database GPG Key ID: 8241BE099775A097
  1. 4
      picotls/picotls.nim
  2. 3
      quicp2p.nim

4
picotls/picotls.nim

@ -285,3 +285,7 @@ proc ptls_load_certificates*(ctx: ptr ptls_context_t, cert_pem_file: cstring):
proc ptls_get_data_ptr*(tls: ptr ptls_t): ptr pointer
{.importc, header: "picotls.h", cdecl.}
proc ptls_set_server_name*(tls: ptr ptls_t, server_name: cstring,
server_name_len: csize_t): cint
{.importc, header: "picotls.h", cdecl.}

3
quicp2p.nim

@ -165,6 +165,9 @@ proc verifyCerts(self: ptr ptls_verify_certificate_t, tls: ptr ptls_t,
return PTLS_ALERT_BAD_CERTIFICATE
let store = X509_STORE_new()
discard X509_STORE_add_cert(store, caCert)
# empty server name makes picotls skip server name verification
#FIXME: should we use the peer ID as server name?
discard ptls_set_server_name(tls, nil, 0)
var opensslVerifier: ptls_openssl_verify_certificate_t
discard ptls_openssl_init_verify_certificate(addr opensslVerifier, store)
result = opensslVerifier.super.cb(addr opensslVerifier.super, tls,

Loading…
Cancel
Save