Merge pull request #31 from Neimhin/s_server-ctx-switch

Correctly switch to ctx2 when ECH succeeds in s_server
sftcd · Jun 15, 2024 · 099c31d · 099c31d
2 parents 9958b1f + ea09a3f
commit 099c31d
Showing 1 changed file with 3 additions and 17 deletions.
diff --git a/apps/s_server.c b/apps/s_server.c
@@ -664,22 +664,8 @@ static int ssl_ech_servername_cb(SSL *s, int *ad, void *arg)
         return SSL_TLSEXT_ERR_NOACK;
     if (echrv == SSL_ECH_STATUS_SUCCESS && servername != NULL) {
         if (ctx2 != NULL) {
-            int mrv;
-            X509_VERIFY_PARAM *vpm = NULL;
-
-            BIO_printf(p->biodebug,
-                       "ssl_ech_servername_cb: TLS servername: %s.\n",
-                       servername);
-            BIO_printf(p->biodebug,
-                       "ssl_ech_servername_cb: Cert servername: %s.\n",
-                       p->servername);
-            vpm = X509_VERIFY_PARAM_new();
-            if (vpm == NULL)
-                return SSL_TLSEXT_ERR_NOACK;
-            mrv = X509_VERIFY_PARAM_set1_host(vpm, servername,
-                                              strlen(servername));
-            X509_VERIFY_PARAM_free(vpm);
-            if (mrv == 1) {
+            int check_hostrv = X509_check_host(p->scert, servername, 0, 0, NULL);
+            if (check_hostrv == 1) {
                 if (p->biodebug != NULL)
                      BIO_printf(p->biodebug,
                                 "ssl_ech_servername_cb: Switching context.\n");
@@ -688,7 +674,7 @@ static int ssl_ech_servername_cb(SSL *s, int *ad, void *arg)
                 if (p->biodebug!=NULL)
                      BIO_printf(p->biodebug,
                                 "ssl_ech_servername_cb: Not switching context "\
-                                "- no name match (%d).\n",mrv);
+                                "- no name match (%d).\n",check_hostrv);
             }
         }
     } else {