Started by an SCM changeBRANCHmasterEMAIL_NOTIFICATIONSjenkins-notifications@lists.osmocom.org laforge@gnumonks.org000090801908011.00840484047958603c1e44f9e751f6949fa43bc9ac9580235427c2603c1e44f9e751f6949fa43bc9ac9580235427c2origin/master603c1e44f9e751f6949fa43bc9ac9580235427c2603c1e44f9e751f6949fa43bc9ac9580235427c2origin/master4893af54579bd49100c2d837044d7336d9df8377808faf54579bd49100c2d837044d7336d9df8377808frefs/remotes/origin/masteraf54579bd49100c2d837044d7336d9df8377808faf54579bd49100c2d837044d7336d9df8377808frefs/remotes/origin/master603c1e44f9e751f6949fa43bc9ac9580235427c2603c1e44f9e751f6949fa43bc9ac9580235427c2origin/masterhttps://gerrit.osmocom.org/osmo-pcapfalse#79589080186039master-osmo-pcap #79587958falsefalse7958151623SUCCESS1782293708808https://jenkins.osmocom.org/jenkins/job/master-osmo-pcap/7958/- include/osmo-pcap/osmo_tls.hsrc/osmo_tls.c603c1e44f9e751f6949fa43bc9ac9580235427c21782202687000https://jenkins.osmocom.org/jenkins/user/fixeriaVadim Yanitskiyvyanitskiy@sysmocom.detls: fix broken certificate hostname verification
verify_cert_cb() retrieved the gnutls session pointer and passed it to
gnutls_certificate_verify_peers3() as the expected hostname. But the
session pointer is set to the osmo_tls_session struct (it is needed by
cert_callback()), not a hostname string. Hostname matching was
therefore performed against raw struct bytes, rendering verification
meaningless and potentially reading out of bounds, even when
"tls verify-cert" was enabled.
Store the configured hostname in struct osmo_tls_session and have
verify_cert_cb() read it from there. Also drop the stray
gnutls_certificate_verify_peers3() call in the client setup: it ran
before any handshake (so there were no peer certificates yet) and its
result was ignored; the real verification happens via the registered
callback during the handshake.
Change-Id: If64950a698bfcfbf556a37ef1be3e68abc124384
AI-Assisted: yes (Claude)
2026-06-23 08:18:07 +0000603c1e44f9e751f6949fa43bc9ac9580235427c2tls: fix broken certificate hostname verificationeditinclude/osmo-pcap/osmo_tls.heditsrc/osmo_tls.c
githttps://jenkins.osmocom.org/jenkins/user/fixeriaVadim Yanitskiy7958https://jenkins.osmocom.org/jenkins/job/master-osmo-pcap/a1=default,a2=default,a3=default,a4=default,label=osmocom-master/7958/