From: tb <tb@openbsd.org>
Date: Tue, 26 Jan 2021 18:43:41 +0000 (+0000)
Subject: Prepare to provide SSL_set_hostflags()
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=cef7ca0d65d8801c0e05f0657cbce0f3d2c547ff;p=openbsd

Prepare to provide SSL_set_hostflags()

Yet another one of these X509_VERIFY_PARAM reacharounds into
libcrypto. Recently found in imapfilter, also used elsewhere.
Will be made publicly visible with the next minor bump.

ok jsing
---

diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index a6ac6a1825b..425ba50c146 100644
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.179 2020/10/14 16:49:57 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.180 2021/01/26 18:43:41 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1444,6 +1444,7 @@ int SSL_CTX_set_trust(SSL_CTX *s, int trust);
 int SSL_set_trust(SSL *s, int trust);
 int SSL_set1_host(SSL *s, const char *hostname);
 #if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+void SSL_set_hostflags(SSL *s, unsigned int flags);
 const char *SSL_get0_peername(SSL *s);
 #endif
 
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index e0e0ae4ff11..3a69adbc27e 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.241 2021/01/26 14:22:19 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.242 2021/01/26 18:43:41 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -469,6 +469,12 @@ SSL_set1_host(SSL *s, const char *hostname)
 		return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0);
 }
 
+void
+SSL_set_hostflags(SSL *s, unsigned int flags)
+{
+	X509_VERIFY_PARAM_set_hostflags(s->param, flags);
+}
+
 const char *
 SSL_get0_peername(SSL *s)
 {