diff --git a/chttp.c b/chttp.c index 8b8a65a..7932e83 100644 --- a/chttp.c +++ b/chttp.c @@ -2435,8 +2435,22 @@ static void socket_update(Socket *s) else addr = s->addr; - if (addr.name) + if (addr.name) { + + // Set expected hostname for verification + if (SSL_set1_host(s->ssl, addr.name->data) != 1) { + s->state = SOCKET_STATE_DIED; + s->events = 0; + break; + } + + // Optional but recommended: be strict about wildcards + SSL_set_hostflags(s->ssl, + X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); + + // Also set for SNI (Server Name Indication) SSL_set_tlsext_host_name(s->ssl, addr.name->data); + } } int ret = SSL_connect(s->ssl); @@ -2738,7 +2752,7 @@ static int socket_manager_translate_events_nolock( s->server_secure_context = NULL; s->client_secure_context = NULL; if (secure) - &s->server_secure_context = sm->server_secure_context; + s->server_secure_context = &sm->server_secure_context; #endif socket_update(s); diff --git a/misc/TODO.txt b/misc/TODO.txt index bd49f6a..74b8dda 100644 --- a/misc/TODO.txt +++ b/misc/TODO.txt @@ -1,4 +1,2 @@ -- From Claude: - While peer verification is enabled, there's no hostname verification. An attacker with any valid certificate could MITM connections. Should add SSL_set1_host(ssl, hostname); - Add connection timeouts - Per RFC 6265, cookie values can be quoted. This parser would include the quotes in the value. diff --git a/src/socket.c b/src/socket.c index dcc10f3..421832d 100644 --- a/src/socket.c +++ b/src/socket.c @@ -465,8 +465,22 @@ static void socket_update(Socket *s) else addr = s->addr; - if (addr.name) + if (addr.name) { + + // Set expected hostname for verification + if (SSL_set1_host(s->ssl, addr.name->data) != 1) { + s->state = SOCKET_STATE_DIED; + s->events = 0; + break; + } + + // Optional but recommended: be strict about wildcards + SSL_set_hostflags(s->ssl, + X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); + + // Also set for SNI (Server Name Indication) SSL_set_tlsext_host_name(s->ssl, addr.name->data); + } } int ret = SSL_connect(s->ssl);