From dc92a514efc9fee1b7e6c90b70dff71f5f5a3110 Mon Sep 17 00:00:00 2001
From: Steven Fackler <sfackler@palantir.com>
Date: Wed, 20 Sep 2017 10:04:09 -0400
Subject: Properly handle IPs in hostname verification

---
 openssl/src/ssl/connector.rs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'openssl/src/ssl')

diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs
index 8f568054..076f246f 100644
--- a/openssl/src/ssl/connector.rs
+++ b/openssl/src/ssl/connector.rs
@@ -355,7 +355,10 @@ fn setup_verify(ctx: &mut SslContextBuilder) {
 fn setup_verify_hostname(ssl: &mut Ssl, domain: &str) -> Result<(), ErrorStack> {
     let param = ssl._param_mut();
     param.set_hostflags(::verify::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
-    param.set_host(domain)
+    match domain.parse() {
+        Ok(ip) => param.set_ip(ip),
+        Err(_) => param.set_host(domain),
+    }
 }
 
 #[cfg(ossl101)]
-- 
cgit v1.2.3