Merge pull request #731 from sfackler/ip-host
Properly handle IPs in hostname verification
This commit is contained in:
Steven Fackler
GitHub
commit
3c7c7a8197
|
|
@ -2587,6 +2587,12 @@ extern "C" {
|
|||
name: *const c_char,
|
||||
namelen: size_t,
|
||||
) -> c_int;
|
||||
#[cfg(not(any(ossl101, libressl)))]
|
||||
pub fn X509_VERIFY_PARAM_set1_ip(
|
||||
param: *mut X509_VERIFY_PARAM,
|
||||
ip: *const c_uchar,
|
||||
iplen: size_t,
|
||||
) -> c_int;
|
||||
|
||||
pub fn d2i_DHparams(k: *mut *mut DH, pp: *mut *const c_uchar, length: c_long) -> *mut DH;
|
||||
pub fn i2d_DHparams(dh: *const DH, pp: *mut *mut c_uchar) -> c_int;
|
||||
|
|
|
|||
|
|
@ -355,7 +355,10 @@ fn setup_verify(ctx: &mut SslContextBuilder) {
|
|||
fn setup_verify_hostname(ssl: &mut Ssl, domain: &str) -> Result<(), ErrorStack> {
|
||||
let param = ssl._param_mut();
|
||||
param.set_hostflags(::verify::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
|
||||
param.set_host(domain)
|
||||
match domain.parse() {
|
||||
Ok(ip) => param.set_ip(ip),
|
||||
Err(_) => param.set_host(domain),
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(ossl101)]
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
use libc::c_uint;
|
||||
use ffi;
|
||||
use foreign_types::ForeignTypeRef;
|
||||
use std::net::IpAddr;
|
||||
|
||||
use cvt;
|
||||
use error::ErrorStack;
|
||||
|
|
@ -43,4 +44,25 @@ impl X509VerifyParamRef {
|
|||
)).map(|_| ())
|
||||
}
|
||||
}
|
||||
|
||||
pub fn set_ip(&mut self, ip: IpAddr) -> Result<(), ErrorStack> {
|
||||
unsafe {
|
||||
let mut buf = [0; 16];
|
||||
let len = match ip {
|
||||
IpAddr::V4(addr) => {
|
||||
buf[..4].copy_from_slice(&addr.octets());
|
||||
4
|
||||
}
|
||||
IpAddr::V6(addr) => {
|
||||
buf.copy_from_slice(&addr.octets());
|
||||
16
|
||||
}
|
||||
};
|
||||
cvt(ffi::X509_VERIFY_PARAM_set1_ip(
|
||||
self.as_ptr(),
|
||||
buf.as_ptr() as *const _,
|
||||
len,
|
||||
)).map(|_| ())
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue