effc6c6d0d
This lets the user code set the mbedtls hostname using the standard OpenSSL X509_VERIFY_PARAM_set1_host() API semantics. The API takes an X509_VERIFY_PARAM pointer. We use the fact that is a composed member of the SSL struct to derive the SSL pointer. The X509_VERIFY_PARAM_set1_host() is unusual in that it can accept a NUL terminated C string as usual, or a nonterminated pointer + length. This implementation converts the latter to the former if given, before using it. This is enough for user code to get the openssl wrapper to make mbedtls confirm the CN on the peer cert belongs to the hostname used to reach it, by doing, eg X509_VERIFY_PARAM_set1_host(SSL_get0_param(myssl), myhostname, 0); Merges https://github.com/espressif/esp-idf/pull/980 |
||
---|---|---|
.. | ||
ssl_pm.c | ||
ssl_port.c |