Merge pull request #53 from vouillon/hostname-validation

Hostname validation: compatibility with OpenSSL 1.0.2
savonet · Jul 13, 2019 · 210c724 · 210c724
2 parents c9766bf + 8970e4c
commit 210c724
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 10 deletions.
diff --git a/src/ssl.ml b/src/ssl.ml
@@ -236,7 +236,6 @@ external verify : socket -> unit = "ocaml_ssl_verify"
 
 type x509_check_flag =
   | Always_check_subject
-  | Never_check_subject
   | No_wildcards
   | No_partial_wildcards
   | Multi_label_wildcards

diff --git a/src/ssl.mli b/src/ssl.mli
@@ -408,7 +408,6 @@ val verify : socket -> unit
 (** Flags to specify how a certificate is matched against a given host name *)
 type x509_check_flag =
   | Always_check_subject
-  | Never_check_subject
   | No_wildcards
   | No_partial_wildcards
   | Multi_label_wildcards

diff --git a/src/ssl_stubs.c b/src/ssl_stubs.c
@@ -1254,18 +1254,15 @@ CAMLprim value ocaml_ssl_set_hostflags(value socket, value flag_lst)
         flags |= X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT;
         break;
       case 1:
-        flags |= X509_CHECK_FLAG_NEVER_CHECK_SUBJECT;
-        break;
-      case 2:
         flags |= X509_CHECK_FLAG_NO_WILDCARDS;
         break;
-      case 3:
+      case 2:
         flags |= X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS;
         break;
-      case 4:
+      case 3:
         flags |= X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS;
         break;
-      case 5:
+      case 4:
         flags |= X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS;
         break;
       default:
@@ -1275,7 +1272,7 @@ CAMLprim value ocaml_ssl_set_hostflags(value socket, value flag_lst)
   }
 
   caml_enter_blocking_section();
-  SSL_set_hostflags(ssl, flags);
+  X509_VERIFY_PARAM_set_hostflags(SSL_get0_param(ssl), flags);
   caml_leave_blocking_section();
 
   CAMLreturn(Val_unit);
@@ -1288,7 +1285,7 @@ CAMLprim value ocaml_ssl_set1_host(value socket, value host)
   const char *hostname = String_val (host);
 
   caml_enter_blocking_section();
-  SSL_set1_host (ssl, hostname);
+  X509_VERIFY_PARAM_set1_host (SSL_get0_param(ssl), hostname, 0);
   caml_leave_blocking_section();
 
   CAMLreturn(Val_unit);