author | Roland Reichwein <mail@reichwein.it> | 2023-01-07 12:09:14 +0100 |
---|---|---|
committer | Roland Reichwein <mail@reichwein.it> | 2023-01-07 12:09:14 +0100 |
commit | edb8e44b5a12776a6b5ce4bb5316e4c8acdd858a (patch) | |
tree | e92630b31192589b3c5e184b7045f8802dc40cd2 /https.cpp | |
parent | 1e6cca9ca8c4771b05f419a23cd3bb1bbc1f0e38 (diff) |
Fix TLS certificate verification
Diffstat (limited to 'https.cpp')
-rw-r--r-- | https.cpp | 17 |
1 files changed, 14 insertions, 3 deletions
@@ -476,7 +476,7 @@ void load_server_certificate(boost::asio::ssl::context& ctx, const fs::path& cer
 The certificate was generated from CMD.EXE on Windows 10 using:
 winpty openssl dhparam -out dh.pem 2048
- winpty openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 10000 -out cert.pem -subj "//C=US\ST=CA\L=Los Angeles\O=Beast\CN=www.example.com"
+ winpty openssl req -newkey rsa:4096 -sha256 -nodes -keyout key.pem -x509 -days 10000 -out cert.pem -subj "//C=DE\ST=BY\L=Munich\O=Reichwein\CN=reichwein.it"
 */
 std::string const dh =
@@ -531,7 +531,7 @@ void load_server_certificate(boost::asio::ssl::context& ctx, const fs::path& cer
 std::string key;
 if (key_path == "") {
- // generate dummy self signed certificate. Will be replaced by real
+ // use dummy self signed key. Will be replaced by real
 // certificate if configured upon respective session
 key = "-----BEGIN PRIVATE KEY-----\n"
@@ -581,6 +581,15 @@ int ServerNameError(SSL *s, HTTPS::Server::ctx_type& ctx_map)
 return SSL_CLIENT_HELLO_SUCCESS; // OK for now
 }
+std::string unbracketed(const std::string& s)
+{
+ if (s.size() >= 2 && s.front() == '[' && s.back() == ']') {
+ return s.substr(1, s.size() - 2);
+ } else {
+ return s;
+ }
+}
+
 int servername_callback(SSL *s, int *al, void *arg)
 {
 HTTPS::Server::ctx_type& ctx_map = *(HTTPS::Server::ctx_type*)arg;
@@ -618,6 +627,8 @@ int servername_callback(SSL *s, int *al, void *arg)
 if (server_name.size() >= 5 && server_name[0] == '\0')
 server_name = server_name.substr(5);
+ server_name = unbracketed(server_name);
+
 auto it {ctx_map.find(server_name)};
 std::shared_ptr<ssl::context> ctx{};
 if (it != ctx_map.end()) {
@@ -668,7 +679,7 @@ void Server::load_certificates()
 for (const auto& host: site.second.hosts) {
 std::cout << " Adding Host " << host << std::endl;
- m_ctx.emplace(host, ctx);
+ m_ctx.emplace(unbracketed(host), ctx);
 }
 }
 }
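Review bot: `unbracketed` in the third hunk is introduced with external linkage and no declaration is visible in the diff, so it can collide with a same-named symbol in another translation unit; `static std::string unbracketed(const std::string& s)` (or an anonymous namespace) keeps it file-local, and a one-line comment such as `// strip the brackets of an IPv6 literal so SNI lookups and m_ctx keys agree` would document why the same normalization is applied in both the fourth and the last hunk. In the last hunk the log line still prints the raw `host` while the key actually stored is `unbracketed(host)`, and `emplace` silently keeps the first entry when two configured hosts normalize to the same key, so logging the normalized key or checking the `bool` returned by `emplace` would make a duplicate host visible instead of leaving one site unreachable by SNI. The bodies of `servername_callback` and `Server::load_certificates` begin and end outside their hunks.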