mirror of https://git.sr.ht/~sircmpwn/gmni synced 2024-11-23 04:51:59 +01:00

TOFU: verify hostnames

Drew DeVault 2020-09-27 11:40:49 -04:00
parent 77de1bb2a8
commit ce1ef1abde

@ -6,6 +6,7 @@
#include <openssl/evp.h>
#include <openssl/ssl.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
@ -27,8 +28,6 @@ verify_callback(X509_STORE_CTX *ctx, void *data)
//
// If you're reading this code with the intent to re-use it, think
// twice.
//
// TODO: Check that the subject name is valid for the requested URL.
struct gemini_tofu *tofu = (struct gemini_tofu *)data;
X509 *cert = X509_STORE_CTX_get0_cert(ctx);
struct known_host *host = NULL;
@ -74,6 +73,12 @@ verify_callback(X509_STORE_CTX *ctx, void *data)
goto invalid_cert;
}
rc = X509_check_host(cert, servername, strlen(servername), 0, NULL);
if (rc != 1) {
rc = X509_V_ERR_HOSTNAME_MISMATCH;
goto invalid_cert;
}
time_t now;
time(&now);
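Review bot: The added `X509_check_host` call folds every non-1 result into `X509_V_ERR_HOSTNAME_MISMATCH`, but the function returns 0 for a genuine mismatch and a negative value for an internal error or malformed input, so a failure inside OpenSSL is reported to the TOFU logic as a name mismatch. Consider separating the two ahead of the mismatch branch, e.g. `if (rc < 0) { rc = X509_V_ERR_UNSPECIFIED; goto invalid_cert; }`. `servername` is assigned outside this hunk; if it is the SNI name rather than the host parsed from the request URL, the removed TODO is only satisfied when the two are guaranteed to be identical, and an IP-literal host would not be matched by `X509_check_host` at all (that needs `X509_check_ip_asc`), so a short comment above the call such as `// servername must equal the URL host; IP literals are not matched here` would help the next reader. verify_callback starts and continues outside the visible lines, so the handling at `invalid_cert` could not be checked.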