Verify hostname matches certificate

eakraly · deanberris · commit 449b8f5ab746 · 2014-12-17T23:38:00.000+11:00
diff --git a/boost/network/protocol/http/client/connection/async_normal.hpp b/boost/network/protocol/http/client/connection/async_normal.hpp
@@ -128,7 +128,7 @@ struct http_async_connection
     is_timedout_ = true;
   }
 
-  void handle_resolved(boost::uint16_t port, bool get_body,
+  void handle_resolved(string_type host, boost::uint16_t port, bool get_body,
                        body_callback_function_type callback,
                        body_generator_function_type generator,
                        boost::system::error_code const& ec,
@@ -140,9 +140,9 @@ struct http_async_connection
       resolver_iterator iter = boost::begin(endpoint_range);
       asio::ip::tcp::endpoint endpoint(iter->endpoint().address(), port);
       delegate_->connect(
-          endpoint, request_strand_.wrap(boost::bind(
+          endpoint, host, request_strand_.wrap(boost::bind(
                         &this_type::handle_connected,
-                        this_type::shared_from_this(), port, get_body, callback,
+                        this_type::shared_from_this(), host, port, get_body, callback,
                         generator, std::make_pair(++iter, resolver_iterator()),
                         placeholders::error)));
     } else {
@@ -152,7 +152,7 @@ struct http_async_connection
     }
   }
 
-  void handle_connected(boost::uint16_t port, bool get_body,
+  void handle_connected(string_type host, boost::uint16_t port, bool get_body,
                         body_callback_function_type callback,
                         body_generator_function_type generator,
                         resolver_iterator_pair endpoint_range,
@@ -173,9 +173,10 @@ struct http_async_connection
         asio::ip::tcp::endpoint endpoint(iter->endpoint().address(), port);
         delegate_->connect(
             endpoint,
+			host,
             request_strand_.wrap(boost::bind(
                 &this_type::handle_connected, this_type::shared_from_this(),
-                port, get_body, callback, generator,
+                host, port, get_body, callback, generator,
                 std::make_pair(++iter, resolver_iterator()),
                 placeholders::error)));
       } else {
diff --git a/boost/network/protocol/http/client/connection/normal_delegate.hpp b/boost/network/protocol/http/client/connection/normal_delegate.hpp
@@ -19,7 +19,7 @@ namespace impl {
 struct normal_delegate : connection_delegate {
   normal_delegate(asio::io_service &service);
 
-  virtual void connect(asio::ip::tcp::endpoint &endpoint,
+  virtual void connect(asio::ip::tcp::endpoint & endpoint, std::string host,
                        function<void(system::error_code const &)> handler);
   virtual void write(
       asio::streambuf &command_streambuf,
diff --git a/boost/network/protocol/http/client/connection/normal_delegate.ipp b/boost/network/protocol/http/client/connection/normal_delegate.ipp
@@ -19,7 +19,8 @@ boost::network::http::impl::normal_delegate::normal_delegate(
     : service_(service) {}
 
 void boost::network::http::impl::normal_delegate::connect(
-    asio::ip::tcp::endpoint &endpoint,
+    asio::ip::tcp::endpoint & endpoint,
+	std::string host,
     function<void(system::error_code const &)> handler) {
   socket_.reset(new asio::ip::tcp::socket(service_));
   socket_->async_connect(endpoint, handler);
diff --git a/boost/network/protocol/http/client/connection/ssl_delegate.hpp b/boost/network/protocol/http/client/connection/ssl_delegate.hpp
@@ -28,7 +28,7 @@ struct ssl_delegate : connection_delegate,
                optional<std::string> certificate_file,
                optional<std::string> private_key_file);
 
-  virtual void connect(asio::ip::tcp::endpoint &endpoint,
+  virtual void connect(asio::ip::tcp::endpoint &endpoint, std::string host,
                        function<void(system::error_code const &)> handler);
   virtual void write(
       asio::streambuf &command_streambuf,
diff --git a/boost/network/protocol/http/client/connection/ssl_delegate.ipp b/boost/network/protocol/http/client/connection/ssl_delegate.ipp
@@ -25,6 +25,7 @@ boost::network::http::impl::ssl_delegate::ssl_delegate(
 
 void boost::network::http::impl::ssl_delegate::connect(
     asio::ip::tcp::endpoint &endpoint,
+	std::string host,
     function<void(system::error_code const &)> handler) {
   context_.reset(
       new asio::ssl::context(service_, asio::ssl::context::sslv23_client));
@@ -47,6 +48,7 @@ void boost::network::http::impl::ssl_delegate::connect(
                                    boost::asio::ssl::context::pem);
   socket_.reset(
       new asio::ssl::stream<asio::ip::tcp::socket>(service_, *context_));
+  socket_->set_verify_callback(boost::asio::ssl::rfc2818_verification(host));
   socket_->lowest_layer().async_connect(
       endpoint,
       ::boost::bind(
