From 48292d8c939d534a360d4028f1565f1b5f2ee33a Mon Sep 17 00:00:00 2001
From: Stephen Farrell
Date: Wed, 29 May 2024 12:32:32 +0100
Subject: [PATCH] openSSL: fix hostname handling when using ECH
Reported-by: vvb2060
Fixes #13818
Closes #13822
---
 lib/vtls/openssl.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 98fa962ab0..c9120cd37f 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -3537,9 +3537,6 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx,
 const char * const ssl_cert_type = ssl_config->cert_type;
 const bool verifypeer = conn_config->verifypeer;
 char error_buffer[256];
-#ifdef USE_ECH
- struct ssl_connect_data *connssl = cf->ctx;
-#endif
 /* Make funny stuff to get random input */
 result = ossl_seed(data);
@@ -3938,7 +3935,8 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx,
 else {
 struct Curl_dns_entry *dns = NULL;
- dns = Curl_fetch_addr(data, connssl->peer.hostname, connssl->peer.port);
+ if(peer->hostname)
+ dns = Curl_fetch_addr(data, peer->hostname, peer->port);
 if(!dns) {
 infof(data, "ECH: requested but no DNS info available");
 if(data->set.tls_ech & CURLECH_HARD)
@@ -3987,9 +3985,9 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx,
 # else
 if(trying_ech_now && outername) {
 infof(data, "ECH: inner: '%s', outer: '%s'",
- connssl->peer.hostname, outername);
+ peer->hostname ? peer->hostname : "NULL", outername);
 result = SSL_ech_set_server_names(octx->ssl,
- connssl->peer.hostname, outername,
+ peer->hostname, outername,
 0 /* do send outer */);
 if(result != 1) {
 infof(data, "ECH: rv failed to set server name(s) %d [ERROR]", result);
-- 
2.47.3
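Review bot: When `peer->hostname` is NULL, the new guard in the second hunk skips the lookup and falls into the existing `if(!dns)` branch, so the log reads "ECH: requested but no DNS info available" although no lookup was attempted. With `CURLECH_HARD` set this is presumably a hard failure (the statement under that check lies outside the hunk), and the message would point whoever debugs it at DNS rather than at the missing name. A separate diagnostic for that case, for example `infof(data, "ECH: requested but no hostname to look up");`, would keep the two causes apart.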
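Review bot: In the third hunk the NULL guard is applied only to the `infof` argument; the `SSL_ech_set_server_names` call two lines below still receives `peer->hostname` unchecked as the inner name. If a NULL hostname is considered reachable here, as the guard implies, the call should be gated too, for example `if(trying_ech_now && outername && peer->hostname) {`. What the library does with a NULL inner name is not visible on this page, so the intended behaviour deserves a short comment next to the call either way. The `# else` branch and the rest of Curl_ossl_ctx_init continue outside the hunk.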