From 0a2bf2c83701fa7051b00e3d1acbca93f5035302 Mon Sep 17 00:00:00 2001
From: paulkass <pkassian@mail.ccsf.edu>
Date: Sat, 30 Jun 2018 23:39:14 -0700
Subject: [PATCH 1/4] Added Punycode sanitation to server hostname for client
---
src/openssl/ssl/context.cr | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/openssl/ssl/context.cr b/src/openssl/ssl/context.cr
index b8bd3aeccbf7..a2918055144d 100644
--- a/src/openssl/ssl/context.cr
+++ b/src/openssl/ssl/context.cr
@@ -1,3 +1,5 @@
+require "uri/punycode"
+
abstract class OpenSSL::SSL::Context
# :nodoc:
def self.default_method
@@ -95,6 +97,9 @@ abstract class OpenSSL::SSL::Context
#
# Required for OpenSSL <= 1.0.1 only.
protected def set_cert_verify_callback(hostname : String)
+ # Sanitize the hostname with PunyCode
+ hostname = URI::Punycode.to_ascii hostname
+
# Keep a reference so the GC doesn't collect it after sending it to C land
@hostname = hostname
LibSSL.ssl_ctx_set_cert_verify_callback(@handle, ->(x509_ctx, arg) {
From 080d476240bf6afe9c15fe66145a30312322506d Mon Sep 17 00:00:00 2001
From: paulkass <pkassian@mail.ccsf.edu>
Date: Sun, 1 Jul 2018 19:34:34 -0700
Subject: [PATCH 2/4] Declared the type of the instance variable in the class
and initialized to a blank string
---
src/openssl/ssl/context.cr | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/openssl/ssl/context.cr b/src/openssl/ssl/context.cr
index a2918055144d..ca3ae286e215 100644
--- a/src/openssl/ssl/context.cr
+++ b/src/openssl/ssl/context.cr
@@ -74,9 +74,15 @@ abstract class OpenSSL::SSL::Context
# context = OpenSSL::SSL::Context::Client.new
# context.add_options(OpenSSL::SSL::Options::NO_SSL_V2 | OpenSSL::SSL::Options::NO_SSL_V3)
# ```
+
+ # declare type of @hostname
+ @hostname : String
+
def initialize(method : LibSSL::SSLMethod = Context.default_method)
super(method)
+ @hostname = ""
+
self.verify_mode = OpenSSL::SSL::VerifyMode::PEER
{% if LibSSL::OPENSSL_102 %}
self.default_verify_param = "ssl_server"
From 6dbc367989632fbea9a8b31db8dffc0898d64888 Mon Sep 17 00:00:00 2001
From: paulkass <pkassian@mail.ccsf.edu>
Date: Sun, 1 Jul 2018 20:42:24 -0700
Subject: [PATCH 3/4] Remove unneccessary comments and simplified the code
---
src/openssl/ssl/context.cr | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/src/openssl/ssl/context.cr b/src/openssl/ssl/context.cr
index ca3ae286e215..ee1271a18aa7 100644
--- a/src/openssl/ssl/context.cr
+++ b/src/openssl/ssl/context.cr
@@ -75,14 +75,11 @@ abstract class OpenSSL::SSL::Context
# context.add_options(OpenSSL::SSL::Options::NO_SSL_V2 | OpenSSL::SSL::Options::NO_SSL_V3)
# ```
- # declare type of @hostname
- @hostname : String
+ @hostname : String = ""
def initialize(method : LibSSL::SSLMethod = Context.default_method)
super(method)
- @hostname = ""
-
self.verify_mode = OpenSSL::SSL::VerifyMode::PEER
{% if LibSSL::OPENSSL_102 %}
self.default_verify_param = "ssl_server"
From 7d8783b66737f12627e91098aa168dae92b1baf2 Mon Sep 17 00:00:00 2001
From: paulkass <pkassian@mail.ccsf.edu>
Date: Tue, 3 Jul 2018 06:57:47 -0700
Subject: [PATCH 4/4] Dealt with the hostname string being nillable
---
src/openssl/ssl/context.cr | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/openssl/ssl/context.cr b/src/openssl/ssl/context.cr
index ee1271a18aa7..c10b13620891 100644
--- a/src/openssl/ssl/context.cr
+++ b/src/openssl/ssl/context.cr
@@ -75,7 +75,7 @@ abstract class OpenSSL::SSL::Context
# context.add_options(OpenSSL::SSL::Options::NO_SSL_V2 | OpenSSL::SSL::Options::NO_SSL_V3)
# ```
- @hostname : String = ""
+ @hostname : String?
def initialize(method : LibSSL::SSLMethod = Context.default_method)
super(method)