author | Ingela Anderton Andin <[email protected]> | 2017-10-06 17:24:16 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2017-11-09 17:14:10 +0100 |
commit | 3da1637b5ec4f24787d473fa3031bed44958136e (patch) | |
tree | c99f27e1a183a92274431b652c841c72cfcfab42 /lib/ssl/src/ssl_connection.erl | |
parent | 48faad936ff6189daf9c0af7b39a86400057cb13 (diff) | |
ssl: Extend hostname check to fallback to checking IP-address
If no SNI is available and the hostname is an IP address, also check
for an IP-address match. This check is not as good as a DNS hostname check,
and certificates using IP addresses are not recommended.
Diffstat (limited to 'lib/ssl/src/ssl_connection.erl')
-rw-r--r-- | lib/ssl/src/ssl_connection.erl | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index c6f67eb696..099b5f8ffa 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -496,12 +496,13 @@ certify(internal, #certificate{},
 certify(internal, #certificate{} = Cert,
 #state{negotiated_version = Version,
 role = Role,
+ host = Host,
 cert_db = CertDbHandle,
 cert_db_ref = CertDbRef,
 crl_db = CRLDbInfo,
 ssl_options = Opts} = State, Connection) ->
 case ssl_handshake:certify(Cert, CertDbHandle, CertDbRef,
- Opts, CRLDbInfo, Role) of
+ Opts, CRLDbInfo, Role, Host) of
 {PeerCert, PublicKeyInfo} ->
 handle_peer_cert(Role, PeerCert, PublicKeyInfo,
 State#state{client_certificate_requested = false}, Connection); |
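Review bot: The `host = Host` binding in this clause head applies to whatever `Role` the state carries, so `ssl_handshake:certify/7` receives `Host` on the server side as well as the client side, and nothing at the call site says the value is only meaningful for a client verifying its peer. Whether the callee ignores it for `server` is not visible in this hunk and should be confirmed. A comment above the call would record the contract, for example `%% Host is the name or IP address the client connected to; used for the hostname check only when no SNI value is available`. Because the commit message itself rates the IP-address match as weaker than a DNS-name match, it is also worth confirming in `ssl_handshake` that an explicit SNI setting in `Opts` takes precedence over the `Host` fallback. The `case` expression continues past the end of the hunk.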