Commit 8d0b4544 authored by Tatsuhiro Tsujikawa's avatar Tatsuhiro Tsujikawa

libressl 2.7 has X509_VERIFY_PARAM_*

parent d8a34131
...@@ -59,6 +59,7 @@ ...@@ -59,6 +59,7 @@
#include "base64.h" #include "base64.h"
#include "tls.h" #include "tls.h"
#include "template.h" #include "template.h"
#include "ssl_compat.h"
#ifndef O_BINARY #ifndef O_BINARY
#define O_BINARY (0) #define O_BINARY (0)
...@@ -680,15 +681,16 @@ int HttpClient::initiate_connection() { ...@@ -680,15 +681,16 @@ int HttpClient::initiate_connection() {
const auto &host_string = const auto &host_string =
config.host_override.empty() ? host : config.host_override; config.host_override.empty() ? host : config.host_override;
#if (!defined(LIBRESSL_VERSION_NUMBER) && \ #if LIBRESSL_2_7_API || \
OPENSSL_VERSION_NUMBER >= 0x10002000L) || \ (!LIBRESSL_IN_USE && OPENSSL_VERSION_NUMBER >= 0x10002000L) || \
defined(OPENSSL_IS_BORINGSSL) defined(OPENSSL_IS_BORINGSSL)
auto param = SSL_get0_param(ssl); auto param = SSL_get0_param(ssl);
X509_VERIFY_PARAM_set_hostflags(param, 0); X509_VERIFY_PARAM_set_hostflags(param, 0);
X509_VERIFY_PARAM_set1_host(param, host_string.c_str(), X509_VERIFY_PARAM_set1_host(param, host_string.c_str(),
host_string.size()); host_string.size());
#endif // (!defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= #endif // LIBRESSL_2_7_API || (!LIBRESSL_IN_USE &&
// 0x10002000L) || defined(OPENSSL_IS_BORINGSSL) // OPENSSL_VERSION_NUMBER >= 0x10002000L) ||
// defined(OPENSSL_IS_BORINGSSL)
SSL_set_verify(ssl, SSL_VERIFY_PEER, verify_cb); SSL_set_verify(ssl, SSL_VERIFY_PEER, verify_cb);
if (!util::numeric_host(host_string.c_str())) { if (!util::numeric_host(host_string.c_str())) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment