Merge pull request #464 from ArcolaEnergy/ssl-verify-tweaks-4

Tweaks to ssl hostname verification

Merge pull request #464 from ArcolaEnergy/ssl-verify-tweaks-4
Tweaks to ssl hostname verification
8a0daa17 · Ian Craggs · GitHub · c897ebac · b1a0199c · 8a0daa17
Unverified Commit 8a0daa17 authored Jun 04, 2018 by Ian Craggs Committed by GitHub Jun 04, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 2 deletions

SSLSocket.c src/SSLSocket.c +7 -2

No files found.
--- a/src/SSLSocket.c
+++ b/src/SSLSocket.c
@@ -691,10 +691,15 @@ int SSLSocket_connect(SSL* ssl, int sock, const char* hostname, int verify)
 		hostname_len = MQTTProtocol_addressPort(hostname, &port, NULL);

 		rc = X509_check_host(cert, hostname, hostname_len, 0, &peername);
-		if (rc == 0)
-			rc = SOCKET_ERROR;
 		Log(TRACE_MIN, -1, "rc from X509_check_host is %d", rc);
 		Log(TRACE_MIN, -1, "peername from X509_check_host is %s", peername);
+		
+		if (peername != NULL)
+			OPENSSL_free(peername);
+
+		// 0 == fail, -1 == SSL internal error
+		if (rc == 0 || rc == -1)
+			rc = SSL_FATAL;

 		if (cert)
 			X509_free(cert);