Make https request fail if hostname does not match

Bart van Strien 2015-06-05 16:49:11 +02:00
parent cde151739e
commit 6a828b33e5


@ -68,6 +68,14 @@ local function reg(conn)
end end
end end
-- Check host name
local function checkhostname(sock, hostname)
if not sock:checkhostname(hostname) then
return nil, "hostname does not match certificate"
end
return true
end
-- Return a function which performs the SSL/TLS connection. -- Return a function which performs the SSL/TLS connection.
local function tcp(params) local function tcp(params)
params = params or {} params = params or {}
@ -90,6 +98,7 @@ local function tcp(params)
try(self.sock:connect(host, port)) try(self.sock:connect(host, port))
self.sock = try(ssl.wrap(self.sock, params)) self.sock = try(ssl.wrap(self.sock, params))
try(self.sock:dohandshake()) try(self.sock:dohandshake())
try(checkhostname(self.sock, host))
reg(self, getmetatable(self.sock)) reg(self, getmetatable(self.sock))
return 1 return 1
end end
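Review bot: The new `try(checkhostname(self.sock, host))` call is only as strong as the certificate verification done during `dohandshake()`: if `params` reaches `ssl.wrap` without `verify` including `"peer"`, the name is matched against a certificate that was never validated, so any self-signed certificate carrying the right name would pass. The defaults applied to `params` are outside this section, so this needs confirming there; if verification can be off, either reject that combination or state it above the helper, e.g. `-- Only meaningful when params.verify includes "peer"; an unverified certificate can claim any name.` The helper also discards any second value returned by `sock:checkhostname`, and `host` may be an IP literal rather than a DNS name, so a short comment on which forms the underlying check accepts would help callers interpret "hostname does not match certificate". The body of `tcp` starts and ends outside the shown lines.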