Allow client to verify certificate with NULL server name Client only enforces name/ipaddr verification in verify_cert_chain if the server_name is not NULL

commit: 2d82c7daa1edaa75f39581576fa9ade6055b4538 [log] [tgz]
author: davidk-ad8 <166683220+davidk-ad8@users.noreply.github.com> Thu Apr 11 16:29:33 2024 +1000
committer: GitHub <noreply@github.com> Thu Apr 11 16:29:33 2024 +1000
tree: 714019b0db25a8f35ee3abf02c6b58cece05bf91
parent: 9de892ccf7b1d3dc9467ef92ba9314c155928037 [diff]
diff --git a/lib/openssl.c b/lib/openssl.c
index 8ca5a6c..d1847e7 100644
--- a/lib/openssl.c
+++ b/lib/openssl.c

@@ -1559,9 +1559,8 @@
         X509_VERIFY_PARAM *params = X509_STORE_CTX_get0_param(verify_ctx);
         X509_VERIFY_PARAM_set_purpose(params, is_server ? X509_PURPOSE_SSL_CLIENT : X509_PURPOSE_SSL_SERVER);
         X509_VERIFY_PARAM_set_depth(params, 98); /* use the default of OpenSSL 1.0.2 and above; see `man SSL_CTX_set_verify` */
-        /* when _acting_ as client, set the server name */
-        if (!is_server) {
-            assert(server_name != NULL && "ptls_set_server_name MUST be called");
+        /* when _acting_ as client, set the server name if provided*/
+        if (!is_server && server_name) {
             if (ptls_server_name_is_ipaddr(server_name)) {
                 X509_VERIFY_PARAM_set1_ip_asc(params, server_name);
             } else {
commit	2d82c7daa1edaa75f39581576fa9ade6055b4538	[log] [tgz]
author	davidk-ad8 <166683220+davidk-ad8@users.noreply.github.com>	Thu Apr 11 16:29:33 2024 +1000
committer	GitHub <noreply@github.com>	Thu Apr 11 16:29:33 2024 +1000
tree	714019b0db25a8f35ee3abf02c6b58cece05bf91
parent	9de892ccf7b1d3dc9467ef92ba9314c155928037 [diff]