X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=CryptoPkg%2FLibrary%2FTlsLib%2FTlsConfig.c;h=307eb57896dc3d0db46abae4857311d864b5ca56;hb=1e72b1fb2ec597caedb5170079bb213f6d67f32a;hp=2bf5aee7c09365d8fbe3a64a77e4ef37e24722b0;hpb=2ca74e1a175232cc201798e27437700adc7fb07e;p=mirror_edk2.git

diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c b/CryptoPkg/Library/TlsLib/TlsConfig.c
index 2bf5aee7c0..307eb57896 100644
--- a/CryptoPkg/Library/TlsLib/TlsConfig.c
+++ b/CryptoPkg/Library/TlsLib/TlsConfig.c
@@ -517,7 +517,11 @@ TlsSetVerifyHost (
   IN     CHAR8                    *HostName
   )
 {
-  TLS_CONNECTION  *TlsConn;
+  TLS_CONNECTION    *TlsConn;
+  X509_VERIFY_PARAM *VerifyParam;
+  UINTN             BinaryAddressSize;
+  UINT8             BinaryAddress[MAX (NS_INADDRSZ, NS_IN6ADDRSZ)];
+  INTN              ParamStatus;
 
   TlsConn = (TLS_CONNECTION *) Tls;
   if (TlsConn == NULL || TlsConn->Ssl == NULL || HostName == NULL) {
@@ -526,11 +530,27 @@ TlsSetVerifyHost (
 
   SSL_set_hostflags(TlsConn->Ssl, Flags);
 
-  if (SSL_set1_host(TlsConn->Ssl, HostName) == 0) {
-    return EFI_ABORTED;
+  VerifyParam = SSL_get0_param (TlsConn->Ssl);
+  ASSERT (VerifyParam != NULL);
+
+  BinaryAddressSize = 0;
+  if (inet_pton (AF_INET6, HostName, BinaryAddress) == 1) {
+    BinaryAddressSize = NS_IN6ADDRSZ;
+  } else if (inet_pton (AF_INET, HostName, BinaryAddress) == 1) {
+    BinaryAddressSize = NS_INADDRSZ;
   }
 
-  return EFI_SUCCESS;
+  if (BinaryAddressSize > 0) {
+    DEBUG ((DEBUG_VERBOSE, "%a:%a: parsed \"%a\" as an IPv%c address "
+      "literal\n", gEfiCallerBaseName, __FUNCTION__, HostName,
+      (UINTN)((BinaryAddressSize == NS_IN6ADDRSZ) ? '6' : '4')));
+    ParamStatus = X509_VERIFY_PARAM_set1_ip (VerifyParam, BinaryAddress,
+                    BinaryAddressSize);
+  } else {
+    ParamStatus = X509_VERIFY_PARAM_set1_host (VerifyParam, HostName, 0);
+  }
+
+  return (ParamStatus == 1) ? EFI_SUCCESS : EFI_ABORTED;
 }
 
 /**