Description
I'm not an expert in openssl, so forgive me if this is me just terribly misunderstanding something.
Older versions of tokio-openssl took care to enable hostname verification. Let's consider 5.0. Its docs main page says "Client connections initiated from this crate verify hostnames automatically and by default." The connect function accepted a hostname for this purpose: https://docs.rs/tokio-openssl/0.5.0/tokio_openssl/fn.connect.html
In 6.0 I no longer see mentions of hostname verification. SslStream::new and SslStream::connect no longer accept the hostname.
In the library I maintain, we accept SslContext from the user, call openssl::ssl::Ssl::new(context) to make Ssl from it, then call tokio_openssl::SslStream::new(ssl, stream) to initiate a TLS connection.
As far as I can tell, such a connection won't have hostname verification. How could it? We never provided it with any hostname / IP.
I also don't see any obvious way to enable such verification. One possible way I see is to call param_mut() on Ssl, and then call set_ip / set_host on the resulting openssl::x509::verify::X509VerifyParamRef. To my untrained eye this seems like such a weird way that I doubt it's the correct approach.
What am I missing?