disable peer name check (D18162775) when OpenSSL is too old

Summary: D18162775 added this code, which doesn't compile on OpenSSL 1.0.1 (e.g. on Debian 8, which is still supported). Differential Revision: D19032946 fbshipit-source-id: 0f005186e4c9dbaaa76ffce2b62150d92135801b

disable peer name check (D18162775) when OpenSSL is too old
Summary: D18162775 added this code, which doesn't compile on OpenSSL 1.0.1 (e.g. on Debian 8, which is still supported). Differential Revision: D19032946 fbshipit-source-id: 0f005186e4c9dbaaa76ffce2b62150d92135801b
b6a14167 · Ján · Facebook Github Bot · b77eab92 · b6a14167
Commit b6a14167 authored Jan 03, 2020 by Ján Committed by Facebook Github Bot Jan 03, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

folly/io/async/AsyncSSLSocket.cpp folly/io/async/AsyncSSLSocket.cpp +4 -0

No files found.
--- a/folly/io/async/AsyncSSLSocket.cpp
+++ b/folly/io/async/AsyncSSLSocket.cpp
@@ -724,6 +724,9 @@ bool AsyncSSLSocket::applyVerificationOptions(const ssl::SSLUniquePtr& ssl) {
  if (verifyPeer_ == SSLContext::SSLVerifyPeerEnum::USE_CTX) {
    if (ctx_->needsPeerVerification()) {
      if (ctx_->checkPeerName()) {
+#if FOLLY_OPENSSL_IS_100 || FOLLY_OPENSSL_IS_101
+        return false;
+#else
        std::string peerNameToVerify = !ctx_->peerFixedName().empty()
            ? ctx_->peerFixedName()
            : tlsextHostname_;
@@ -733,6 +736,7 @@ bool AsyncSSLSocket::applyVerificationOptions(const ssl::SSLUniquePtr& ssl) {
                param, peerNameToVerify.c_str(), peerNameToVerify.length())) {
          return false;
        }
+#endif // FOLLY_OPENSSL_IS_100 || FOLLY_OPENSSL_IS_101
      }

      SSL_set_verify(