Disabled SSL certificate verify

[ruanlinqi]

Hi developers: Nowadays we made a large scale security static analysis on several open source projects, and found some mistakes in libstrophe-0.8.8. In the @src/Tls_openssl.c:68: tls_t tls_new(xmpp_ctx_t ctx, sock_t sock) { tls_t tls = xmpp_alloc(ctx, sizeof(tls));

if (tls) {
    int ret;
    memset(tls, 0, sizeof(*tls));

    tls->ctx = ctx;
    tls->sock = sock;
    tls->ssl_ctx = SSL_CTX_new(SSLv23_client_method());

   SSL_CTX_set_client_cert_cb(tls->ssl_ctx, NULL);
   SSL_CTX_set_mode (tls->ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
   SSL_CTX_set_verify (tls->ssl_ctx, SSL_VERIFY_NONE, NULL);

  tls->ssl = SSL_new(tls->ssl_ctx);

[..] }

The parameter SSL_VERIFY_NONE here can not configure this built-in certificate validation,so the handshake can continue even the cert is invalid.We recommand you use SSL_VERIFY_PEER to guarantee the security.We have send the bug report to Ubuntu launchpad,and also inform you of such news.Here are the link: https://bugs.launchpad.net/ubuntu/+source/libstrophe/+bug/1677511

[link2xt]

I would like to fix it, but the problem is that just switching to SSL_VERIFY_PEER is not enough. I need some way to access hostname from tls_new().

I have the following snippet I coded for fdm:

char *hostname = ???;
X509_VERIFY_PARAM *param = SSL_get0_param(tls->ssl);

/*
 * Allow only complete wildcards.  RFC 6125 discourages wildcard usage
 * completely, and lists internationalized domain names as a reason
 * against partial wildcards.
 * See https://tools.ietf.org/html/rfc6125#section-7.2 for more information.
 */
X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
X509_VERIFY_PARAM_set1_host(param, hostname, 0);

[pasis]

@labdsf, libstrophe doesn't export tls API, therefore, you can change it. Just make sure your changes are reflected in all tls implementations (src/tls_xxx.c). Also keep interface tidy.