Make https request fail if hostname does not match

2024-09-18 18:16:40 +02:00 · 2015-06-05 16:49:11 +02:00 · 2015-06-05 16:49:11 +02:00 · 6a828b33e5
commit 6a828b33e5
parent cde151739e
1 changed files with 9 additions and 0 deletions
--- a/src/https.lua
+++ b/src/https.lua
@ -68,6 +68,14 @@ local function reg(conn)
   end
 end

+-- Check host name
+local function checkhostname(sock, hostname)
+  if not sock:checkhostname(hostname) then
+    return nil, "hostname does not match certificate"
+  end
+  return true
+end
+
 -- Return a function which performs the SSL/TLS connection.
 local function tcp(params)
   params = params or {}
@ -90,6 +98,7 @@ local function tcp(params)
         try(self.sock:connect(host, port))
         self.sock = try(ssl.wrap(self.sock, params))
         try(self.sock:dohandshake())
+         try(checkhostname(self.sock, host))
         reg(self, getmetatable(self.sock))
         return 1
      end