@@ -495,7 +495,7 @@ nc_client_tls_ch_del_bind(const char *address, uint16_t port)
495495}
496496
497497static int
498- nc_client_tls_update_opts (struct nc_client_tls_opts * opts , const char * host )
498+ nc_client_tls_update_opts (struct nc_client_tls_opts * opts , const char * peername )
499499{
500500 int rc = 0 ;
501501 char * key ;
@@ -548,17 +548,19 @@ nc_client_tls_update_opts(struct nc_client_tls_opts *opts, const char *host)
548548 }
549549
550550#if OPENSSL_VERSION_NUMBER >= 0x10100000L // >= 1.1.0
551- /* server identity (hostname) verification */
552- vpm = X509_VERIFY_PARAM_new ();
553- if (!X509_VERIFY_PARAM_set1_host (vpm , host , 0 )) {
554- ERR (NULL , "Failed to set expected server hostname (%s)." , ERR_reason_error_string (ERR_get_error ()));
555- rc = -1 ;
556- goto cleanup ;
557- }
558- if (!SSL_CTX_set1_param (opts -> tls_ctx , vpm )) {
559- ERR (NULL , "Failed to set verify params (%s)." , ERR_reason_error_string (ERR_get_error ()));
560- rc = -1 ;
561- goto cleanup ;
551+ if (peername ) {
552+ /* server identity (hostname) verification */
553+ vpm = X509_VERIFY_PARAM_new ();
554+ if (!X509_VERIFY_PARAM_set1_host (vpm , peername , 0 )) {
555+ ERR (NULL , "Failed to set expected server hostname (%s)." , ERR_reason_error_string (ERR_get_error ()));
556+ rc = -1 ;
557+ goto cleanup ;
558+ }
559+ if (!SSL_CTX_set1_param (opts -> tls_ctx , vpm )) {
560+ ERR (NULL , "Failed to set verify params (%s)." , ERR_reason_error_string (ERR_get_error ()));
561+ rc = -1 ;
562+ goto cleanup ;
563+ }
562564 }
563565#endif
564566 }
@@ -806,7 +808,8 @@ nc_accept_callhome_tls_sock(int sock, const char *host, uint16_t port, struct ly
806808 struct nc_session * session = NULL ;
807809 struct timespec ts_timeout ;
808810
809- if (nc_client_tls_update_opts (& tls_ch_opts , host )) {
811+ /* create/update TLS structures without setting the peername */
812+ if (nc_client_tls_update_opts (& tls_ch_opts , NULL )) {
810813 goto cleanup ;
811814 }
812815
0 commit comments