From: Sean Bright <sean@seanbright.com>
Date: Thu, 9 Nov 2023 22:59:19 +0000 (-0500)
Subject: res_http_websocket.c: Set hostname on client for certificate validation.
X-Git-Tag: 21.1.0-rc1~28
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a44fde08dd2463ea84cc635f29e6cedd0ccd7800;p=thirdparty%2Fasterisk.git

res_http_websocket.c: Set hostname on client for certificate validation.

Additionally add a `assert()` to in the TLS client setup code to
ensure that hostname is set when it is supposed to be.

Fixes #433

(cherry picked from commit 40a9f5a88c96bfcfac28a7eb210a562f2490fe3d)
---

diff --git a/main/tcptls.c b/main/tcptls.c
index e51e70ef0d..73a165726c 100644
--- a/main/tcptls.c
+++ b/main/tcptls.c
@@ -680,6 +680,10 @@ struct ast_tcptls_session_instance *ast_tcptls_client_create(struct ast_tcptls_s
 	int fd, x = 1;
 	struct ast_tcptls_session_instance *tcptls_session = NULL;
 
+	ast_assert(!desc->tls_cfg
+			|| ast_test_flag(&desc->tls_cfg->flags, AST_SSL_DONT_VERIFY_SERVER)
+			|| !ast_strlen_zero(desc->hostname));
+
 	/* Do nothing if nothing has changed */
 	if (!ast_sockaddr_cmp(&desc->old_address, &desc->remote_address)) {
 		ast_debug(1, "Nothing changed in %s\n", desc->name);
diff --git a/res/res_http_websocket.c b/res/res_http_websocket.c
index f8da487828..0339c79823 100644
--- a/res/res_http_websocket.c
+++ b/res/res_http_websocket.c
@@ -1163,6 +1163,12 @@ static struct ast_tcptls_session_args *websocket_client_args_create(
 	}
 	ast_sockaddr_copy(&args->remote_address, addr);
 	ast_free(addr);
+
+	/* We need to save off the hostname but it may contain a port spec */
+	snprintf(args->hostname, sizeof(args->hostname),
+		"%.*s",
+		(int) strcspn(host, ":"), host);
+
 	return args;
 }