set empty server name to skip server name verification

2 years ago · 1840908ba5
2 changed files with 7 additions and 0 deletions
--- a/picotls/picotls.nim
+++ b/picotls/picotls.nim
@ -285,3 +285,7 @@ proc ptls_load_certificates*(ctx: ptr ptls_context_t, cert_pem_file: cstring):

 proc ptls_get_data_ptr*(tls: ptr ptls_t): ptr pointer
                       {.importc, header: "picotls.h", cdecl.}
+
+proc ptls_set_server_name*(tls: ptr ptls_t, server_name: cstring,
+                           server_name_len: csize_t): cint
+                          {.importc, header: "picotls.h", cdecl.}
--- a/quicp2p.nim
+++ b/quicp2p.nim
@ -165,6 +165,9 @@ proc verifyCerts(self: ptr ptls_verify_certificate_t, tls: ptr ptls_t,
    return PTLS_ALERT_BAD_CERTIFICATE
  let store = X509_STORE_new()
  discard X509_STORE_add_cert(store, caCert)
+  # empty server name makes picotls skip server name verification
+  #FIXME: should we use the peer ID as server name?
+  discard ptls_set_server_name(tls, nil, 0)
  var opensslVerifier: ptls_openssl_verify_certificate_t
  discard ptls_openssl_init_verify_certificate(addr opensslVerifier, store)
  result = opensslVerifier.super.cb(addr opensslVerifier.super, tls,