Implement X509_VERIFY_PARAM_set1_ip_asc()

Firgeis · May 6, 2021 · e6430aa · e6430aa
1 parent 791b174
commit e6430aa
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 0 deletions.
diff --git a/src/ssl.ml b/src/ssl.ml
@@ -259,6 +259,8 @@ external set_hostflags : socket -> x509_check_flag list -> unit = "ocaml_ssl_set
 
 external set_host : socket -> string -> unit = "ocaml_ssl_set1_host"
 
+external set_ip : socket -> string -> unit = "ocaml_ssl_set1_ip"
+
 external write : socket -> Bytes.t -> int -> int -> int = "ocaml_ssl_write"
 
 external write_substring : socket -> string -> int -> int -> int = "ocaml_ssl_write"

diff --git a/src/ssl.mli b/src/ssl.mli
@@ -456,6 +456,11 @@ val set_hostflags : socket -> x509_check_flag list -> unit
 (* Set the expected host name to be verified. *)
 val set_host : socket -> string -> unit
 
+(** Set the expected ip address to be verified. Ip address is dotted decimal quad
+    for IPv4 and colon-separated hexadecimal for IPv6.
+    The condensed "::" notation is supported for IPv6 addresses. *)
+val set_ip : socket -> string -> unit
+
 (** Get the file descriptor associated with a socket. It is primarly useful for
     [select]ing on it; you should not write or read on it. *)
 val file_descr_of_socket : socket -> Unix.file_descr

diff --git a/src/ssl_stubs.c b/src/ssl_stubs.c
@@ -1500,6 +1500,19 @@ CAMLprim value ocaml_ssl_set1_host(value socket, value host)
   CAMLreturn(Val_unit);
 }
 
+CAMLprim value ocaml_ssl_set1_ip(value socket, value ip)
+{
+  CAMLparam2(socket, ip);
+  SSL *ssl = SSL_val(socket);
+  const char *ipval = String_val (ip);
+
+  caml_enter_blocking_section();
+  X509_VERIFY_PARAM_set1_ip_asc (SSL_get0_param(ssl), ipval);
+  caml_leave_blocking_section();
+
+  CAMLreturn(Val_unit);
+}
+
 CAMLprim value ocaml_ssl_write(value socket, value buffer, value start, value length)
 {
   CAMLparam2(socket, buffer);