authorRoland Reichwein <mail@reichwein.it>2023-01-07 12:09:14 +0100
committerRoland Reichwein <mail@reichwein.it>2023-01-07 12:09:14 +0100
commitedb8e44b5a12776a6b5ce4bb5316e4c8acdd858a (patch)
treee92630b31192589b3c5e184b7045f8802dc40cd2 /https.cpp
parent1e6cca9ca8c4771b05f419a23cd3bb1bbc1f0e38 (diff)
Fix TLS certificate verification
Diffstat (limited to 'https.cpp')
-rw-r--r--https.cpp17
1 files changed, 14 insertions, 3 deletions
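diff --git a/https.cpp b/https.cpp
index 10f76e0..523acb5 100644
--- a/https.cpp
+++ b/https.cpp
@@ -476,7 +476,7 @@ void load_server_certificate(boost::asio::ssl::context& ctx, const fs::path& cer
 The certificate was generated from CMD.EXE on Windows 10 using:
 winpty openssl dhparam -out dh.pem 2048
- winpty openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 10000 -out cert.pem -subj "//C=US\ST=CA\L=Los Angeles\O=Beast\CN=www.example.com"
+ winpty openssl req -newkey rsa:4096 -sha256 -nodes -keyout key.pem -x509 -days 10000 -out cert.pem -subj "//C=DE\ST=BY\L=Munich\O=Reichwein\CN=reichwein.it"
 */
 std::string const dh =
@@ -531,7 +531,7 @@ void load_server_certificate(boost::asio::ssl::context& ctx, const fs::path& cer
 std::string key;
 if (key_path == "") {
- // generate dummy self signed certificate. Will be replaced by real
+ // use dummy self signed key. Will be replaced by real
 // certificate if configured upon respective session
 key =
 "-----BEGIN PRIVATE KEY-----\n"
@@ -581,6 +581,15 @@ int ServerNameError(SSL *s, HTTPS::Server::ctx_type& ctx_map)
 return SSL_CLIENT_HELLO_SUCCESS; // OK for now
 }
+std::string unbracketed(const std::string& s)
+{
+ if (s.size() >= 2 && s.front() == '[' && s.back() == ']') {
+ return s.substr(1, s.size() - 2);
+ } else {
+ return s;
+ }
+}
+
 int servername_callback(SSL *s, int *al, void *arg)
 {
 HTTPS::Server::ctx_type& ctx_map = *(HTTPS::Server::ctx_type*)arg;
@@ -618,6 +627,8 @@ int servername_callback(SSL *s, int *al, void *arg)
 if (server_name.size() >= 5 && server_name[0] == '\0')
 server_name = server_name.substr(5);
+ server_name = unbracketed(server_name);
+
 auto it {ctx_map.find(server_name)};
 std::shared_ptr<ssl::context> ctx{};
 if (it != ctx_map.end()) {
@@ -668,7 +679,7 @@ void Server::load_certificates()
 for (const auto& host: site.second.hosts) {
 std::cout << " Adding Host " << host << std::endl;
- m_ctx.emplace(host, ctx);
+ m_ctx.emplace(unbracketed(host), ctx);
 }
 }
 }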
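Review bot: The result of `m_ctx.emplace(unbracketed(host), ctx)` in Server::load_certificates is discarded, so when two configured hosts normalize to the same key (for example `[::1]` and `::1`, or the same host listed under two sites) the later context is silently dropped and the wrong certificate is served for that name; consider `if (!m_ctx.emplace(unbracketed(host), ctx).second) std::cerr << " Duplicate host " << host << ", keeping the first certificate" << std::endl;`. The new helper `unbracketed` carries no comment; suggest `// Strip enclosing square brackets (IPv6 literal notation, e.g. "[::1]" -> "::1") so that configured hosts and looked-up server names use the same map key.` — its purpose is inferred from its shape, so confirm that is the intent. Note that `unbracketed("[]")` returns an empty string, which then becomes an empty map key in load_certificates and is also what servername_callback looks up; whether that input is rejected earlier by config parsing is not visible here. Both servername_callback and load_certificates begin and end outside their hunks.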