Home Explore Help
Sign In
pascal
/
fpc
mirror of https://gitlab.com/freepascal.org/fpc/source.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

* Patch from Dokkie8844 to set hostname when verifying peer certificate. Fixes issue #40479

Michaël Van Canneyt 1 year ago
parent
f4da88726c
commit
6941409295
3 changed files with 21 additions and 0 deletions
Unified View Show Diff Stats
  1. 6 0
      packages/openssl/src/fpopenssl.pp
  2. 13 0
      packages/openssl/src/openssl.pas
  3. 2 0
      packages/openssl/src/opensslsockets.pp

+ 6 - 0
packages/openssl/src/fpopenssl.pp
View File 

@@ -115,6 +115,7 @@ Type
 
     function CipherBits: integer;
 
     function CipherBits: integer;
 
     function CipherAlgBits: integer;
 
     function CipherAlgBits: integer;
 
     Function VerifyResult : Integer;
 
     Function VerifyResult : Integer;
 
+    function Set1Host(const hostname: string): Integer;
 
     Property SSL: PSSL Read FSSL;
 
     Property SSL: PSSL Read FSSL;
 
   end;
 
   end;
 
 
 
@@ -822,5 +823,10 @@ begin
 
   Result:=SslGetVerifyResult(FSsl);
 
   Result:=SslGetVerifyResult(FSsl);
 
 end;
 
 end;
 
 
 
+function TSSL.Set1Host(const hostname: string): Integer;
 
+begin
 
+  Result := SslSet1Host(FSsl, hostname);
 
+end;
 
+
 
 end.
 
 end.

+ 13 - 0
packages/openssl/src/openssl.pas
View File 

@@ -1141,6 +1141,7 @@ var
 
   function SSLGetServername(ssl: PSSL; _type: cInt = TLSEXT_NAMETYPE_host_name): AnsiString;
 
   function SSLGetServername(ssl: PSSL; _type: cInt = TLSEXT_NAMETYPE_host_name): AnsiString;
 
   procedure SslCtxCallbackCtrl(ssl: PSSL; _type: cInt; cb: PCallbackCb);
 
   procedure SslCtxCallbackCtrl(ssl: PSSL; _type: cInt; cb: PCallbackCb);
 
   function SslSetSslCtx(ssl: PSSL; ctx: PSSL_CTX): PSSL;
 
   function SslSetSslCtx(ssl: PSSL; ctx: PSSL_CTX): PSSL;
 
+  function SslSet1Host(ssl: PSSL; hostname: string): cInt;
 
 
 
 // libeay.dll
 
 // libeay.dll
 
   function OPENSSL_INIT_new : POPENSSL_INIT_SETTINGS;
 
   function OPENSSL_INIT_new : POPENSSL_INIT_SETTINGS;
 
@@ -1644,6 +1645,7 @@ type
 
   TSSLGetServername = function(ssl: PSSL; _type: cInt = TLSEXT_NAMETYPE_host_name): PAnsiChar; cdecl;
 
   TSSLGetServername = function(ssl: PSSL; _type: cInt = TLSEXT_NAMETYPE_host_name): PAnsiChar; cdecl;
 
   TSSLCtxCallbackCtrl = procedure(ctx: PSSL_CTX; _type: cInt; cb: PCallbackCb); cdecl;
 
   TSSLCtxCallbackCtrl = procedure(ctx: PSSL_CTX; _type: cInt; cb: PCallbackCb); cdecl;
 
   TSSLSetSslCtx = function(ssl: PSSL; ctx: PSSL_CTX): PSSL; cdecl;
 
   TSSLSetSslCtx = function(ssl: PSSL; ctx: PSSL_CTX): PSSL; cdecl;
 
+  TSslSet1Host = function(ssl: PSSL; hostname: string): cInt; cdecl;
 
 
 
 // libeay.dll
 
 // libeay.dll
 
   TERR_load_crypto_strings = procedure; cdecl;
 
   TERR_load_crypto_strings = procedure; cdecl;
 
@@ -1890,6 +1892,7 @@ var
 
   _SSLGetServername: TSSLGetServername = nil;
 
   _SSLGetServername: TSSLGetServername = nil;
 
   _SslCtxCallbackCtrl: TSSLCtxCallbackCtrl = nil;
 
   _SslCtxCallbackCtrl: TSSLCtxCallbackCtrl = nil;
 
   _SslSetSslCtx: TSSLSetSslCtx = nil;
 
   _SslSetSslCtx: TSSLSetSslCtx = nil;
 
+  _SslSet1Host: TSslSet1Host = nil;
 
 
 
 // libeay.dll
 
 // libeay.dll
 
   _OPENSSL_cleanup : TOPENSSL_cleanup = Nil;
 
   _OPENSSL_cleanup : TOPENSSL_cleanup = Nil;
 
@@ -2637,6 +2640,14 @@ begin
 
     result := nil;
 
     result := nil;
 
 end;
 
 end;
 
 
 
+function SslSet1Host(ssl: PSSL; hostname: string): cInt;
 
+begin
 
+  if InitSSLInterface and Assigned(_SslSet1Host) then
 
+    result := _SslSet1Host(ssl, hostname)
 
+  else
 
+    result := 0;
 
+end;
 
+
 
 // libeay.dll
 
 // libeay.dll
 
 function SSLeayversion(t: cInt): AnsiString;
 
 function SSLeayversion(t: cInt): AnsiString;
 
 begin
 
 begin
 
@@ -5048,6 +5059,7 @@ begin
 
   _SslGetServername := GetProcAddr(SSLLibHandle, 'SSL_get_servername');
 
   _SslGetServername := GetProcAddr(SSLLibHandle, 'SSL_get_servername');
 
   _SslCtxCallbackCtrl := GetProcAddr(SSLLibHandle, 'SSL_CTX_callback_ctrl');
 
   _SslCtxCallbackCtrl := GetProcAddr(SSLLibHandle, 'SSL_CTX_callback_ctrl');
 
   _SslSetSslCtx := GetProcAddr(SSLLibHandle, 'SSL_set_SSL_CTX');
 
   _SslSetSslCtx := GetProcAddr(SSLLibHandle, 'SSL_set_SSL_CTX');
 
+  _SslSet1Host := GetProcAddr(SSLLibHandle, 'SSL_set1_host');
 
 end;
 
 end;
 
 
 
 Procedure LoadUtilEntryPoints;
 
 Procedure LoadUtilEntryPoints;
 
@@ -5404,6 +5416,7 @@ begin
 
   _SslGetServername := nil;
 
   _SslGetServername := nil;
 
   _SslCtxCallbackCtrl := nil;
 
   _SslCtxCallbackCtrl := nil;
 
   _SslSetSslCtx := nil;
 
   _SslSetSslCtx := nil;
 
+  _SslSet1Host := nil;
 
   _PKCS7_ISSUER_AND_SERIAL_new:=nil;
 
   _PKCS7_ISSUER_AND_SERIAL_new:=nil;
 
   _PKCS7_ISSUER_AND_SERIAL_free:=nil;
 
   _PKCS7_ISSUER_AND_SERIAL_free:=nil;
 
   _PKCS7_ISSUER_AND_SERIAL_digest:=nil;
 
   _PKCS7_ISSUER_AND_SERIAL_digest:=nil;

+ 2 - 0
packages/openssl/src/opensslsockets.pp
View File 

@@ -95,6 +95,8 @@ begin
 
      begin
 
      begin
 
      if SendHostAsSNI  and (Socket is TInetSocket) then
 
      if SendHostAsSNI  and (Socket is TInetSocket) then
 
        FSSL.Ctrl(SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,PAnsiChar(AnsiString((Socket as TInetSocket).Host)));
 
        FSSL.Ctrl(SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,PAnsiChar(AnsiString((Socket as TInetSocket).Host)));
 
+     if VerifyPeerCert and (Socket is TInetSocket) then
 
+       FSSL.Set1Host((Socket as TInetSocket).Host);
 
      Result:=CheckSSL(FSSL.Connect);
 
      Result:=CheckSSL(FSSL.Connect);
 
      //if Result and VerifyPeerCert then
 
      //if Result and VerifyPeerCert then
 
      //  Result:=(FSSL.VerifyResult<>0) or (not DoVerifyCert);
 
      //  Result:=(FSSL.VerifyResult<>0) or (not DoVerifyCert);