Enable server name verification on mbedTLS

PUBLISHED_FROM=54774944d5402a5d6a351b4609428940c0ad20ea

Enable server name verification on mbedTLS
PUBLISHED_FROM=54774944d5402a5d6a351b4609428940c0ad20ea
7776df24 · Deomid Ryabkov · Cesanta Bot · e17fdcb0 · 7776df24
Commit 7776df24 authored Nov 28, 2016 by Deomid Ryabkov Committed by Cesanta Bot Nov 28, 2016
Show whitespace changes
Inline Side-by-side

Showing with 4 additions and 4 deletions

mongoose.c mongoose.c +4 -4

No files found.
--- a/mongoose.c
+++ b/mongoose.c
@@ -4370,10 +4370,6 @@ enum mg_ssl_if_result mg_ssl_if_conn_init(
    return MG_SSL_ERROR;
  }
-  if (params->server_name != NULL) {
-    /* TODO(rojer): Implement server name verification on mbedTLS. */
-  }
  mg_set_cipher_list(ctx, NULL);
  if (!(nc->flags & MG_F_LISTENING)) {
@@ -4383,6 +4379,10 @@ enum mg_ssl_if_result mg_ssl_if_conn_init(
      MG_SET_PTRPTR(err_msg, "Failed to create SSL session");
      return MG_SSL_ERROR;
    }
+    if (params->server_name != NULL &&
+        mbedtls_ssl_set_hostname(ctx->ssl, params->server_name) != 0) {
+      return MG_SSL_ERROR;
+    }
  }
  nc->flags |= MG_F_SSL;