From: Fabian Keil <fk@fabiankeil.de>
Date: Wed, 26 Aug 2020 08:31:23 +0000 (+0200)
Subject: create_server_ssl_connection(): Mimic SSL_set1_host() if it does not exist
X-Git-Tag: v_3_0_29~211
X-Git-Url: http://www.privoxy.org/gitweb/%22https:/@default-cgi@/faq/documentation.html?a=commitdiff_plain;h=80685cac02eeff1aec436a033d3e5e6721942f80;p=privoxy.git

create_server_ssl_connection(): Mimic SSL_set1_host() if it does not exist

Sponsored by: Robert Klemme
---

diff --git a/openssl.c b/openssl.c
index c8df4361..a2d8853b 100644
--- a/openssl.c
+++ b/openssl.c
@@ -1009,13 +1009,35 @@ extern int create_server_ssl_connection(struct client_state *csp)
    /*
     * Set the hostname to check against the received server certificate
     */
+#if OPENSSL_VERSION_NUMBER > 0x10100000L
    if (!SSL_set1_host(ssl, csp->http->host))
    {
       log_ssl_errors(LOG_LEVEL_ERROR, "SSL_set1_host failed");
       ret = -1;
       goto exit;
    }
-
+#else
+   if (host_is_ip_address(csp->http->host))
+   {
+      if (X509_VERIFY_PARAM_set1_ip_asc(ssl->param,  csp->http->host) != 1)
+      {
+         log_ssl_errors(LOG_LEVEL_ERROR,
+            "X509_VERIFY_PARAM_set1_ip_asc() failed");
+         ret = -1;
+         goto exit;
+      }
+   }
+   else
+   {
+      if (X509_VERIFY_PARAM_set1_host(ssl->param,  csp->http->host, 0) != 1)
+      {
+         log_ssl_errors(LOG_LEVEL_ERROR,
+            "X509_VERIFY_PARAM_set1_host() failed");
+         ret = -1;
+         goto exit;
+      }
+   }
+#endif
    /* SNI extension */
    if (!SSL_set_tlsext_host_name(ssl, csp->http->host))
    {