interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Better #ifdef select when to use X509_check_host

This commit is contained in:
Willem Toorop 2018-02-12 15:46:42 +01:00
parent c3e4061fe2
commit 9a4e389946
1 changed files with 1 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/stub.c
View File

@ -1138,13 +1138,10 @@ tls_do_handshake(getdns_upstream *upstream)
* This is not needed with native OpenSSL DANE, because EE name checks have * This is not needed with native OpenSSL DANE, because EE name checks have
* to be disabled explicitely. * to be disabled explicitely.
*/ */
#if defined(USE_DANESSL) || (!defined(HAVE_SSL_HN_AUTH) && defined(HAVE_X509_CHECK_HOST)) #if defined(HAVE_X509_CHECK_HOST) && (defined(USE_DANESSL) || !defined(HAVE_SSL_HN_AUTH))
int xch; int xch;
if (peer_cert && verify_result == X509_V_OK if (peer_cert && verify_result == X509_V_OK
&& upstream->tls_auth_name[0] && upstream->tls_auth_name[0]
# if defined(USE_DANESSL) && defined(HAVE_SSL_HN_AUTH)
&& upstream->tls_pubkey_pinset
# endif
&& (xch = X509_check_host(peer_cert, && (xch = X509_check_host(peer_cert,
upstream->tls_auth_name, upstream->tls_auth_name,
strlen(upstream->tls_auth_name), strlen(upstream->tls_auth_name),