Merge pull request #520 from davidk-ad8/client-allow-null-sni
Allow client to verify certificate with NULL server name
diff --git a/lib/openssl.c b/lib/openssl.c
index 8ca5a6c..ed64bdb 100644
--- a/lib/openssl.c
+++ b/lib/openssl.c
@@ -1559,9 +1559,8 @@
X509_VERIFY_PARAM *params = X509_STORE_CTX_get0_param(verify_ctx);
X509_VERIFY_PARAM_set_purpose(params, is_server ? X509_PURPOSE_SSL_CLIENT : X509_PURPOSE_SSL_SERVER);
X509_VERIFY_PARAM_set_depth(params, 98); /* use the default of OpenSSL 1.0.2 and above; see `man SSL_CTX_set_verify` */
- /* when _acting_ as client, set the server name */
- if (!is_server) {
- assert(server_name != NULL && "ptls_set_server_name MUST be called");
+ /* when _acting_ as client, set the server name if provided*/
+ if (!is_server && server_name != NULL) {
if (ptls_server_name_is_ipaddr(server_name)) {
X509_VERIFY_PARAM_set1_ip_asc(params, server_name);
} else {
