authorIngela Anderton Andin <[email protected]>2017-10-06 17:24:16 +0200
committerIngela Anderton Andin <[email protected]>2017-10-13 11:35:39 +0200
commit0bb96516ce308b6fb837696338b492d3c9a9f429 (patch)
tree4daf04a9d86159bf803db457eda16c4199992afa /lib/ssl/src/ssl_connection.erl
parent4f4bf872831b12cac8913e8a62e35725d0173b0d (diff)
ssl: Extend hostname check to fallback to checking IP-address
If no SNI is available and the hostname is an IP address, also check for an IP-address match. This check is not as good as a DNS hostname check, and certificates using IP addresses are not recommended.
Diffstat (limited to 'lib/ssl/src/ssl_connection.erl')
-rw-r--r--lib/ssl/src/ssl_connection.erl3
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 2dbe08e0a7..2fed7d864f 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -496,12 +496,13 @@ certify(internal, #certificate{},
certify(internal, #certificate{} = Cert,
#state{negotiated_version = Version,
role = Role,
+ host = Host,
cert_db = CertDbHandle,
cert_db_ref = CertDbRef,
crl_db = CRLDbInfo,
ssl_options = Opts} = State, Connection) ->
case ssl_handshake:certify(Cert, CertDbHandle, CertDbRef,
- Opts, CRLDbInfo, Role) of
+ Opts, CRLDbInfo, Role, Host) of
{PeerCert, PublicKeyInfo} ->
handle_peer_cert(Role, PeerCert, PublicKeyInfo,
State#state{client_certificate_requested = false}, Connection);
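Review bot: `host = Host` is bound and passed to `ssl_handshake:certify/7` for every `Role`, and nothing in this clause says what form `Host` takes or when it serves as the reference identity for the peer certificate. Going by the commit message, it is the fallback when no SNI is set and may be an IP address, so a comment above the call would help, e.g. `%% Host: connect address (DNS name or IP address), fallback reference identity when no SNI is configured; expected to be checked only for Role =:= client`. Whether the server role ignores `Host`, and whether an IP given as a string and as a tuple are compared the same way, is decided in ssl_handshake, which this hunk does not show, so both are worth confirming there. The `case` expression continues past the end of the hunk.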