dany/luasec
1
0
Fork 0
mirror of https://github.com/brunoos/luasec.git synced 2024-11-09 15:08:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

Make https request fail if hostname does not match

Browse Source
This commit is contained in:
Bart van Strien 2015-06-05 16:49:11 +02:00
parent cde151739e
commit 6a828b33e5
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/https.lua
View File

@ -68,6 +68,14 @@ local function reg(conn)
end end
end end
-- Check host name
local function checkhostname(sock, hostname)
if not sock:checkhostname(hostname) then
return nil, "hostname does not match certificate"
end
return true
end
-- Return a function which performs the SSL/TLS connection. -- Return a function which performs the SSL/TLS connection.
local function tcp(params) local function tcp(params)
params = params or {} params = params or {}
@ -90,6 +98,7 @@ local function tcp(params)
try(self.sock:connect(host, port)) try(self.sock:connect(host, port))
self.sock = try(ssl.wrap(self.sock, params)) self.sock = try(ssl.wrap(self.sock, params))
try(self.sock:dohandshake()) try(self.sock:dohandshake())
try(checkhostname(self.sock, host))
reg(self, getmetatable(self.sock)) reg(self, getmetatable(self.sock))
return 1 return 1
end end