Implemented #2770 (#6306)

* Added Punycode sanitation to server hostname for client * Declared the type of the instance variable in the class and initialized to a blank string * Remove unneccessary comments and simplified the code * Dealt with the hostname string being nillable
crystal-lang · Jul 3, 2018 · 735be7f · 735be7f
1 parent 75b46ac
commit 735be7f
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/src/openssl/ssl/context.cr b/src/openssl/ssl/context.cr
@@ -1,3 +1,5 @@
+require "uri/punycode"
+
 abstract class OpenSSL::SSL::Context
   # :nodoc:
   def self.default_method
@@ -72,6 +74,9 @@ abstract class OpenSSL::SSL::Context
     # context = OpenSSL::SSL::Context::Client.new
     # context.add_options(OpenSSL::SSL::Options::NO_SSL_V2 | OpenSSL::SSL::Options::NO_SSL_V3)
     # ```
+
+    @hostname : String?
+
     def initialize(method : LibSSL::SSLMethod = Context.default_method)
       super(method)
 
@@ -95,6 +100,9 @@ abstract class OpenSSL::SSL::Context
     #
     # Required for OpenSSL <= 1.0.1 only.
     protected def set_cert_verify_callback(hostname : String)
+      # Sanitize the hostname with PunyCode
+      hostname = URI::Punycode.to_ascii hostname
+
       # Keep a reference so the GC doesn't collect it after sending it to C land
       @hostname = hostname
       LibSSL.ssl_ctx_set_cert_verify_callback(@handle, ->(x509_ctx, arg) {