interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fix sole pinset validation with ssl_dane library

This commit is contained in:
Willem Toorop 2019-01-23 14:33:35 +00:00
parent cad7eb2461
commit 7c1b43b420
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/openssl/tls-internal.h
View File

@ -67,7 +67,7 @@ typedef struct _getdns_tls_connection {
const getdns_log_config* log; const getdns_log_config* log;
#if defined(USE_DANESSL) #if defined(USE_DANESSL)
const char* auth_name; const char* auth_name;
sha256_pin_t* pinset; const sha256_pin_t* pinset;
#endif #endif
} _getdns_tls_connection; } _getdns_tls_connection;

2
src/openssl/tls.c
View File

@ -904,7 +904,7 @@ getdns_return_t _getdns_tls_connection_set_host_pinset(_getdns_tls_connection* c
if (!conn || !conn->ssl || !auth_name) if (!conn || !conn->ssl || !auth_name)
return GETDNS_RETURN_INVALID_PARAMETER; return GETDNS_RETURN_INVALID_PARAMETER;
#if defined(USE_DANE_SSL) #if defined(USE_DANESSL)
/* Stash auth name and pinset away for use in cert verification. */ /* Stash auth name and pinset away for use in cert verification. */
conn->auth_name = auth_name; conn->auth_name = auth_name;
conn->pinset = pinset; conn->pinset = pinset;