From 396f003c698998d7248b0613741cccd30987c9c4 Mon Sep 17 00:00:00 2001
From: Julian Brost <julian.brost@icinga.com>
Date: Fri, 13 Aug 2021 09:28:57 +0200
Subject: [PATCH] Enable hostname verification in UnbufferedAsioTlsStream

---
 lib/base/tlsstream.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/base/tlsstream.cpp b/lib/base/tlsstream.cpp
index b72a88030..db54c919e 100644
--- a/lib/base/tlsstream.cpp
+++ b/lib/base/tlsstream.cpp
@@ -37,6 +37,10 @@ void UnbufferedAsioTlsStream::BeforeHandshake(handshake_type type)
 {
 namespace ssl = boost::asio::ssl;
 
+ if (!m_Hostname.IsEmpty()) {
+ X509_VERIFY_PARAM_set1_host(SSL_get0_param(native_handle()), m_Hostname.CStr(), m_Hostname.GetLength());
+ }
+
 set_verify_mode(ssl::verify_peer | ssl::verify_client_once);
 
 set_verify_callback([this](bool preverified, ssl::verify_context& ctx) {
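Review bot: The return value of `X509_VERIFY_PARAM_set1_host()` in the added `if` block is discarded, so if the call fails (it returns 0 on error) the handshake goes ahead with chain validation only and no hostname check, which is a fail-open for the very control this commit enables. Test the result and stop before the handshake, for example `if (X509_VERIFY_PARAM_set1_host(SSL_get0_param(native_handle()), m_Hostname.CStr(), m_Hostname.GetLength()) != 1) { /* report the error and refuse to connect */ }`, using whatever error path this file already uses for TLS setup failures. The block also deserves a short comment stating that an empty `m_Hostname` skips name verification entirely, and that `set1_host` matches DNS names only, so if callers can pass an IP literal here (not visible in this hunk) `X509_VERIFY_PARAM_set1_ip_asc` would be needed instead. `BeforeHandshake` continues past the end of the hunk, so whether the verify callback can override a failed name check cannot be judged from here.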