IN CHAR8 *HostName\r
)\r
{\r
- TLS_CONNECTION *TlsConn;\r
+ TLS_CONNECTION *TlsConn;\r
+ X509_VERIFY_PARAM *VerifyParam;\r
+ UINTN BinaryAddressSize;\r
+ UINT8 BinaryAddress[MAX (NS_INADDRSZ, NS_IN6ADDRSZ)];\r
+ INTN ParamStatus;\r
\r
TlsConn = (TLS_CONNECTION *) Tls;\r
if (TlsConn == NULL || TlsConn->Ssl == NULL || HostName == NULL) {\r
\r
SSL_set_hostflags(TlsConn->Ssl, Flags);\r
\r
- if (SSL_set1_host(TlsConn->Ssl, HostName) == 0) {\r
- return EFI_ABORTED;\r
+ VerifyParam = SSL_get0_param (TlsConn->Ssl);\r
+ ASSERT (VerifyParam != NULL);\r
+\r
+ BinaryAddressSize = 0;\r
+ if (inet_pton (AF_INET6, HostName, BinaryAddress) == 1) {\r
+ BinaryAddressSize = NS_IN6ADDRSZ;\r
+ } else if (inet_pton (AF_INET, HostName, BinaryAddress) == 1) {\r
+ BinaryAddressSize = NS_INADDRSZ;\r
}\r
\r
- return EFI_SUCCESS;\r
+ if (BinaryAddressSize > 0) {\r
+ DEBUG ((DEBUG_VERBOSE, "%a:%a: parsed \"%a\" as an IPv%c address "\r
+ "literal\n", gEfiCallerBaseName, __FUNCTION__, HostName,\r
+ (UINTN)((BinaryAddressSize == NS_IN6ADDRSZ) ? '6' : '4')));\r
+ ParamStatus = X509_VERIFY_PARAM_set1_ip (VerifyParam, BinaryAddress,\r
+ BinaryAddressSize);\r
+ } else {\r
+ ParamStatus = X509_VERIFY_PARAM_set1_host (VerifyParam, HostName, 0);\r
+ }\r
+\r
+ return (ParamStatus == 1) ? EFI_SUCCESS : EFI_ABORTED;\r
}\r
\r
/**\r