Merge branch 'topic/ssl-verify-hostname'

* topic/ssl-verify-hostname:
  ssl: add verify_hostname option to SSLContext
  test/test_ssl: avoid SSLContext#set_params where not required
  Refactor common verify callback code

1 files changed, 15 insertions, 1 deletions

diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c
index f3d6bf3b..ba34a056 100644
--- a/ext/openssl/ossl_x509store.c
+++ b/ext/openssl/ossl_x509store.c
@@ -106,6 +106,20 @@ DupX509StorePtr(VALUE obj)
 /*
  * Private functions
  */
+static int
+x509store_verify_cb(int ok, X509_STORE_CTX *ctx)
+{
+    VALUE proc;
+
+    proc = (VALUE)X509_STORE_CTX_get_ex_data(ctx, ossl_store_ctx_ex_verify_cb_idx);
+    if (!proc)
+	proc = (VALUE)X509_STORE_get_ex_data(X509_STORE_CTX_get0_store(ctx), ossl_store_ex_verify_cb_idx);
+    if (!proc)
+	return ok;
+
+    return ossl_verify_cb_call(proc, ok, ctx);
+}
+
 static VALUE
 ossl_x509store_alloc(VALUE klass)
 {
@@ -153,7 +167,7 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
     /* [Bug #405] [Bug #1678] [Bug #3000]; already fixed? */
     store->ex_data.sk = NULL;
 #endif
-    X509_STORE_set_verify_cb(store, ossl_verify_cb);
+    X509_STORE_set_verify_cb(store, x509store_verify_cb);
     ossl_x509store_set_vfy_cb(self, Qnil);
 
     /* last verification status */