Added auto-verification for hostname

Signed-off-by: AssemblyJohn <[email protected]>

lib/ocpp/common/websocket/websocket_tls.cpp

@@ -6,6 +6,8 @@
 #include <ocpp/common/websocket/websocket_tls.hpp>
 #include <ocpp/common/websocket/websocket_uri.hpp>
 
+#include <openssl/x509_vfy.h>
+
 #include <everest/logging.hpp>
 
 #include <memory>
@@ -302,15 +304,30 @@ tls_context WebsocketTLS::on_tls_init(std::string hostname, websocketpp::connect
         }
 
         context->set_verify_mode(boost::asio::ssl::verify_peer);
+
         if (this->connection_options.verify_csms_common_name) {
+
+            // Verify hostname
+            X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
+
+            X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
+
+            // Set the host and parameter check
+            X509_VERIFY_PARAM_set1_host(param, hostname.c_str(), hostname.length());
+            SSL_CTX_set1_param(context->native_handle(), param);
+
+            X509_VERIFY_PARAM_free(param);
+
+            /*
             context->set_verify_callback([this, hostname](bool preverified, boost::asio::ssl::verify_context& ctx) {
                 return this->verify_csms_cn(hostname, preverified, ctx);
             });
-
+            */
         } else {
             EVLOG_warning << "Not verifying the CSMS certificates commonName with the Fully Qualified Domain Name "
                              "(FQDN) of the server because it has been explicitly turned off via the configuration!";
         }
+
         if (this->evse_security->is_ca_certificate_installed(ocpp::CaCertificateType::CSMS)) {
             EVLOG_info << "Loading ca csms bundle to verify server certificate: "
                        << this->evse_security->get_verify_file(ocpp::CaCertificateType::CSMS);