option for hostname verification

vapor-community · Apr 6, 2017 · 46a612f · 46a612f
1 parent 43884dd
commit 46a612f
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/Sources/TLS/ClientSocket.swift b/Sources/TLS/ClientSocket.swift
@@ -25,15 +25,16 @@ extension ClientSocket {
             functionName: "SSL_set_fd"
         )
 
-        if context.verifyHost {
-            // print("Warning: Host verification not implemented.")
+        if let servername = servername, context.verifyHost {
+            #if ENABLE_HOSTNAME_VERIFICATION
             let param = SSL_get0_param(ssl)
             X509_VERIFY_PARAM_set_hostflags(
                 param,
                 UInt32(X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS)
             )
             X509_VERIFY_PARAM_set1_host(param, servername, 0);
             SSL_set_verify(ssl, SSL_VERIFY_PEER, nil)
+            #endif
         }
 
         try assert(

diff --git a/Tests/TLSTests/LiveTests.swift b/Tests/TLSTests/LiveTests.swift
@@ -58,7 +58,9 @@ class LiveTests: XCTestCase {
             try socket.connect(servername: "httpbin.org")
             try socket.write("GET / HTTP/1.1\r\nHost: swift.org\r\n\r\n".makeBytes())
 
+            #if ENABLE_HOSTNAME_VERIFICATION
             XCTFail("Should not have sent.")
+            #endif
         } catch let error as TLSError {
             if error.functionName == "SSL_connect" && error.reason == "certificate verify failed" {
                 // pass