Prepare to provide SSL_set_hostflags()

Yet another one of these X509_VERIFY_PARAM reacharounds into
libcrypto. Recently found in imapfilter, also used elsewhere.
Will be made publicly visible with the next minor bump.

ok jsing

diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index a6ac6a1..425ba50 100644 (file)
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.179 2020/10/14 16:49:57 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.180 2021/01/26 18:43:41 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1444,6 +1444,7 @@ int SSL_CTX_set_trust(SSL_CTX *s, int trust);
 int SSL_set_trust(SSL *s, int trust);
 int SSL_set1_host(SSL *s, const char *hostname);
 #if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+void SSL_set_hostflags(SSL *s, unsigned int flags);
 const char *SSL_get0_peername(SSL *s);
 #endif
 

diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index e0e0ae4..3a69adb 100644 (file)
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.241 2021/01/26 14:22:19 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.242 2021/01/26 18:43:41 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -469,6 +469,12 @@ SSL_set1_host(SSL *s, const char *hostname)
                return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0);
 }
 
+void
+SSL_set_hostflags(SSL *s, unsigned int flags)
+{
+       X509_VERIFY_PARAM_set_hostflags(s->param, flags);
+}
+
 const char *
 SSL_get0_peername(SSL *s)
 {