/src/mosquitto/lib/tls_mosq.c
1 | | /* |
2 | | Copyright (c) 2013-2021 Roger Light <roger@atchoo.org> |
3 | | |
4 | | All rights reserved. This program and the accompanying materials |
5 | | are made available under the terms of the Eclipse Public License 2.0 |
6 | | and Eclipse Distribution License v1.0 which accompany this distribution. |
7 | | |
8 | | The Eclipse Public License is available at |
9 | | https://www.eclipse.org/legal/epl-2.0/ |
10 | | and the Eclipse Distribution License is available at |
11 | | http://www.eclipse.org/org/documents/edl-v10.php. |
12 | | |
13 | | SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause |
14 | | |
15 | | Contributors: |
16 | | Roger Light - initial implementation and documentation. |
17 | | */ |
18 | | |
19 | | #include "config.h" |
20 | | |
21 | | #ifdef WITH_TLS |
22 | | |
23 | | #ifdef WIN32 |
24 | | # include <winsock2.h> |
25 | | # include <ws2tcpip.h> |
26 | | #else |
27 | | # include <arpa/inet.h> |
28 | | # include <sys/socket.h> |
29 | | # include <strings.h> |
30 | | #endif |
31 | | |
32 | | #include <string.h> |
33 | | #include <openssl/conf.h> |
34 | | #include <openssl/x509v3.h> |
35 | | #include <openssl/ssl.h> |
36 | | |
37 | | #ifdef WITH_BROKER |
38 | | # include "mosquitto_broker_internal.h" |
39 | | #endif |
40 | | #include "mosquitto_internal.h" |
41 | | #include "logging_mosq.h" |
42 | | #include "tls_mosq.h" |
43 | | |
44 | | |
/*
 * OpenSSL verify callback (SSL_CTX_set_verify / SSL_set_verify signature).
 *
 * preverify_ok: OpenSSL's own verdict for the certificate currently being
 *               checked in the chain (1 = passed, 0 = failed).
 * ctx:          the verification context; not consulted here.
 *
 * Returns preverify_ok unchanged, so the chain verification result computed by
 * OpenSSL is neither relaxed nor tightened.  Returning a fixed 1 from a
 * callback of this shape would silently disable certificate validation; this
 * implementation deliberately does not do that.
 */
int mosquitto__server_certificate_verify(int preverify_ok, X509_STORE_CTX *ctx)
{
	(void)ctx; /* the context is intentionally unused */

	return preverify_ok;
}
51 | | |
52 | | |
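/*
 * Configure the X509 verify parameters of mosq->ssl so that the peer
 * certificate must match `hostname`, either as a subject/SAN DNS name or, if
 * `hostname` is an IPv4/IPv6 literal, as an IP address SAN.
 *
 * mosq:     connection whose mosq->ssl object is being configured; its
 *           tls_cafile / tls_capath / tls_use_os_certs fields decide whether a
 *           trust store is in use at all.
 * hostname: the name the client intends to connect to; must be non-NULL.
 *
 * Returns MOSQ_ERR_SUCCESS when the check was installed or is not applicable,
 * MOSQ_ERR_TLS when OpenSSL rejected the value.
 */
int tls__set_verify_hostname(struct mosquitto *mosq, const char *hostname)
{
	unsigned char ipv6_addr[16];
	unsigned char ipv4_addr[4];
	int ipv6_ok;
	int ipv4_ok;
	int rc;

	/* Without any trust anchors there is no verified certificate to match the
	 * hostname against, so there is nothing to install here. */
	if(mosq->tls_cafile == NULL && mosq->tls_capath == NULL && mosq->tls_use_os_certs == false){
		return MOSQ_ERR_SUCCESS;
	}
#ifndef WITH_BROKER
	if(mosq->port == 0){
		/* No hostname verification for unix sockets */
		return MOSQ_ERR_SUCCESS;
	}
#endif
	/* inet_pton()/InetPton() return 1 for a well-formed address, 0 for text
	 * that is not one, and -1 on error (e.g. unsupported address family).
	 * Only an exact 1 means "this is an IP literal"; a -1 must not be treated
	 * as true, otherwise a DNS name would be passed to
	 * X509_VERIFY_PARAM_set1_ip_asc() and the connection would fail with
	 * MOSQ_ERR_TLS instead of getting a normal host-name check. */
#ifdef WIN32
	ipv6_ok = (InetPton(AF_INET6, hostname, &ipv6_addr) == 1);
	ipv4_ok = (InetPton(AF_INET, hostname, &ipv4_addr) == 1);
#else
	ipv6_ok = (inet_pton(AF_INET6, hostname, &ipv6_addr) == 1);
	ipv4_ok = (inet_pton(AF_INET, hostname, &ipv4_addr) == 1);
#endif

	/* SSL_get0_param() returns the parameters owned by the SSL object; they
	 * are modified in place and must not be freed here. */
	X509_VERIFY_PARAM *param = SSL_get0_param(mosq->ssl);
	if(ipv4_ok || ipv6_ok){
		/* IP literals are matched against iPAddress SANs, not DNS names. */
		rc = X509_VERIFY_PARAM_set1_ip_asc(param, hostname);
	}else{
		/* Length 0 means hostname is a NUL-terminated string. */
		rc = X509_VERIFY_PARAM_set1_host(param, hostname, 0);
	}
	/* Both setters return 1 on success. */
	if(rc == 1){
		return MOSQ_ERR_SUCCESS;
	}else{
		return MOSQ_ERR_TLS;
	}
}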
90 | | #endif |