aboutsummaryrefslogtreecommitdiff
path: root/contrib/epee/include/net/net_ssl.h
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--contrib/epee/include/net/net_ssl.h14
1 files changed, 13 insertions, 1 deletions
diff --git a/contrib/epee/include/net/net_ssl.h b/contrib/epee/include/net/net_ssl.h
index f36755013..ba6e2ee6d 100644
--- a/contrib/epee/include/net/net_ssl.h
+++ b/contrib/epee/include/net/net_ssl.h
@@ -108,9 +108,21 @@ namespace net_utils
then the handshake will not fail when peer verification fails. The
assumption is that a re-connect will be attempted, so a warning is
logged instead of failure.
+
+ \note It is strongly encouraged that clients using `system_ca`
+ verification provide a non-empty `host` for rfc2818 verification.
+
+ \param socket Used in SSL handshake and verification
+ \param type Client or server
+ \param host This parameter is only used when
+ `type == client && !host.empty()`. The value is sent to the server for
+ situations where multiple hostnames are being handled by a server. If
+ `verification == system_ca` the client also does a rfc2818 check to
+ ensure that the server certificate is to the provided hostname.
+
\return True if the SSL handshake completes with peer verification
settings. */
- bool handshake(boost::asio::ssl::stream<boost::asio::ip::tcp::socket> &socket, boost::asio::ssl::stream_base::handshake_type type) const;
+ bool handshake(boost::asio::ssl::stream<boost::asio::ip::tcp::socket> &socket, boost::asio::ssl::stream_base::handshake_type type, const std::string& host = {}) const;
};
// https://security.stackexchange.com/questions/34780/checking-client-hello-for-https-classification