From 1840908ba56739a185608eee55eb7673d0639d29 Mon Sep 17 00:00:00 2001
From: Christian Ulrich
Date: Mon, 9 Nov 2020 15:39:49 +0100
Subject: [PATCH] set empty server name to skip server name verification
---
 picotls/picotls.nim | 4 ++++
 quicp2p.nim | 3 +++
 2 files changed, 7 insertions(+)
diff --git a/picotls/picotls.nim b/picotls/picotls.nim
index d322c29..cfb0d68 100644
--- a/picotls/picotls.nim
+++ b/picotls/picotls.nim
@@ -285,3 +285,7 @@ proc ptls_load_certificates*(ctx: ptr ptls_context_t, cert_pem_file: cstring):
 proc ptls_get_data_ptr*(tls: ptr ptls_t): ptr pointer {.importc, header: "picotls.h", cdecl.}
+
+proc ptls_set_server_name*(tls: ptr ptls_t, server_name: cstring, server_name_len: csize_t): cint {.importc, header: "picotls.h", cdecl.}
diff --git a/quicp2p.nim b/quicp2p.nim
index fc5d30a..f215826 100644
--- a/quicp2p.nim
+++ b/quicp2p.nim
@@ -165,6 +165,9 @@ proc verifyCerts(self: ptr ptls_verify_certificate_t, tls: ptr ptls_t,
 return PTLS_ALERT_BAD_CERTIFICATE
 let store = X509_STORE_new()
 discard X509_STORE_add_cert(store, caCert)
+ # empty server name makes picotls skip server name verification #FIXME: should we use the peer ID as server name?
+ discard ptls_set_server_name(tls, nil, 0)
 var opensslVerifier: ptls_openssl_verify_certificate_t
 discard ptls_openssl_init_verify_certificate(addr opensslVerifier, store)
 result = opensslVerifier.super.cb(addr opensslVerifier.super, tls,
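Review bot: Passing `nil, 0` to `ptls_set_server_name` right before the OpenSSL verifier is invoked leaves chain validation against `store` as the only check, so any certificate issued by `caCert` will be accepted for any peer; the `#FIXME` on the same added lines acknowledges this, but it should be resolved rather than shipped as a comment. If peer IDs are carried in the certificate (SAN or key), either pass the expected peer ID as the server name instead of `nil, 0` so the verifier performs the name match, or compare the presented certificate against the expected peer ID after `opensslVerifier.super.cb` returns — which of the two fits depends on the certificate format, which is not visible here. The `cint` result of `ptls_set_server_name` is also discarded; a failure there should abort verification, e.g. `if ptls_set_server_name(tls, nil, 0) != 0: return PTLS_ALERT_INTERNAL_ERROR` (assuming that alert constant is bound alongside `PTLS_ALERT_BAD_CERTIFICATE`). `verifyCerts` begins before this hunk and its `result =` call continues past it, so the rejection path above is inferred from the visible `return PTLS_ALERT_BAD_CERTIFICATE`.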