tls_openssl: enable certificate hostname validation

Based on example from https://wiki.openssl.org/index.php/Hostname_validation

Author: jes

modules/tls_openssl/openssl_conn_ops.c

@@ -25,6 +25,7 @@
 #include <openssl/opensslv.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
+#include <openssl/x509v3.h>
 
 #include <poll.h>
 #include <errno.h>
@@ -199,6 +200,8 @@ int openssl_tls_update_fd(struct tcp_connection *c, int fd)
 
 int openssl_tls_conn_init(struct tcp_connection* c, struct tls_domain *tls_dom)
 {
+	X509_VERIFY_PARAM *param = NULL;
+
 	/*
 	* new connection within a single process, no lock necessary
 	*/
@@ -218,6 +221,13 @@ int openssl_tls_conn_init(struct tcp_connection* c, struct tls_domain *tls_dom)
 		return -1;
 	}
 
+	param = SSL_get0_param(c->extra_data);
+	X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
+	if (!X509_VERIFY_PARAM_set1_host(param, c->hostname, strlen(c->hostname))) {
+		LM_ERR("failed to set hostname for SSL context\n");
+		return -1;
+	}
+
 	/* put pointers to the tcp_connection and tls_domain structs
 	 * in the SSL struct as extra data */
 	if (!SSL_set_ex_data(c->extra_data, SSL_EX_CONN_IDX, c)) {