diff --git a/platform/posix/transport/include/openssl_posix.h b/platform/posix/transport/include/openssl_posix.h
index ea45367204..595aacbe0f 100644
--- a/platform/posix/transport/include/openssl_posix.h
+++ b/platform/posix/transport/include/openssl_posix.h
@@ -118,6 +118,11 @@ typedef struct OpensslCredentials
 */
 const char * sniHostName;
 
+ /**
+ * @brief If non-zero, don't compare hostname to server certificate subject.
+ */
+ uint8_t disableHostnameCheck;
+
 /**
 * @brief Set the value for the TLS max fragment length (TLS MFLN)
 *
diff --git a/platform/posix/transport/src/openssl_posix.c b/platform/posix/transport/src/openssl_posix.c
index ec598aeb2a..4ff5dbdad7 100644
--- a/platform/posix/transport/src/openssl_posix.c
+++ b/platform/posix/transport/src/openssl_posix.c
@@ -244,12 +244,15 @@ static OpensslStatus_t tlsHandshake( const ServerInfo_t * pServerInfo,
 int32_t sslStatus = -1, verifyPeerCertStatus = X509_V_OK;
 
 /* Validate the hostname against the server's certificate. */
- sslStatus = SSL_set1_host( pOpensslParams->pSsl, pServerInfo->pHostName );
-
- if( sslStatus != 1 )
+ if( pOpensslCredentials->disableHostnameCheck == 0U )
 {
- LogError( ( "SSL_set1_host failed to set the hostname to validate." ) );
- returnStatus = OPENSSL_API_ERROR;
+ sslStatus = SSL_set1_host( pOpensslParams->pSsl, pServerInfo->pHostName );
+
+ if( sslStatus != 1 )
+ {
+ LogError( ( "SSL_set1_host failed to set the hostname to validate." ) );
+ returnStatus = OPENSSL_API_ERROR;
+ }
 }
 
 /* Enable SSL peer verification. */
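Review bot: The doc comment on the new `disableHostnameCheck` field does not say what the safe default is or what the option actually skips, and "certificate subject" is inaccurate: the check that `SSL_set1_host` arms matches the host name against the certificate's subject alternative names (with a CN fallback), not just the subject field. Since the field is a plain `uint8_t` inside `OpensslCredentials`, callers who zero-initialize the struct get the check enabled, and the comment should state that so nobody assumes otherwise. Suggested wording: `@brief If non-zero, the server host name is NOT matched against the certificate's subject alternative names / CN. Leave at 0 (the default); only CA chain verification remains when this is set.` The last clause is based on the peer-verification step that still follows in tlsHandshake and should be confirmed against that code.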
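Review bot: When `pOpensslCredentials->disableHostnameCheck` is non-zero the new `if` skips `SSL_set1_host` silently, so the handshake proceeds with no binding between the certificate and `pServerInfo->pHostName` and only the CA-chain verification enabled in the "Enable SSL peer verification" step below stands; any certificate issued by a trusted CA is then accepted for this host, and that state should at least be visible in the logs. Add an `else` branch to the new `if` with `LogWarn( ( "Hostname verification disabled; server certificate will not be matched against the host name." ) );` (or `LogError` if this logging stack lacks `LogWarn`) so a misconfigured production build is detectable. Note also that `sslStatus` keeps its initial -1 on the skipped path; if any later code in tlsHandshake reads it, that needs checking, but the function starts before and ends after this hunk so it cannot be confirmed here. `pOpensslCredentials` is presumably a parameter of tlsHandshake, whose full signature is cut off in the hunk header.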