author | Ingela Anderton Andin <[email protected]> | 2017-10-06 17:24:16 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2017-10-13 11:35:39 +0200 |
commit | 0bb96516ce308b6fb837696338b492d3c9a9f429 (patch) | |
tree | 4daf04a9d86159bf803db457eda16c4199992afa /lib/ssl/src/ssl_connection.erl | |
parent | 4f4bf872831b12cac8913e8a62e35725d0173b0d (diff) | |
ssl: Extend hostname check to fallback to checking IP-address
If no SNI is available and the hostname is an IP-address also check
for IP-address match. This check is not as good as a DNS hostname check
and certificates using IP-address are not recommended.
Diffstat (limited to 'lib/ssl/src/ssl_connection.erl')
-rw-r--r-- | lib/ssl/src/ssl_connection.erl | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 2dbe08e0a7..2fed7d864f 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -496,12 +496,13 @@ certify(internal, #certificate{},
 certify(internal, #certificate{} = Cert,
 #state{negotiated_version = Version,
 role = Role,
+ host = Host,
 cert_db = CertDbHandle,
 cert_db_ref = CertDbRef,
 crl_db = CRLDbInfo,
 ssl_options = Opts} = State, Connection) ->
 case ssl_handshake:certify(Cert, CertDbHandle, CertDbRef,
- Opts, CRLDbInfo, Role) of
+ Opts, CRLDbInfo, Role, Host) of
 {PeerCert, PublicKeyInfo} ->
 handle_peer_cert(Role, PeerCert, PublicKeyInfo,
 State#state{client_certificate_requested = false}, Connection); |
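Review bot: The new `host = Host` binding in this `certify/4` clause head feeds the peer-identity check, but nothing at the call site says which form `Host` takes (DNS name string, textual IP or address tuple) or that it is only a fallback when no SNI value is set, as the commit message describes. A representation mismatch would presumably make the IP-address comparison inside `ssl_handshake:certify/7` fail to match, so I would add a comment above the call such as `%% Host is the connect-time peer name/address; used for the certificate hostname check only when no SNI is configured (may be an IP address)`. The diffstat is limited to this file, so it is worth confirming that every other caller of the old six-argument `ssl_handshake:certify` was updated and that `Host` is ignored when `Role` is `server`. The remaining `case` branches of this clause lie outside the hunk.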