From 2980c58b82b9744e792c5781832d73630830ae9f Mon Sep 17 00:00:00 2001
From: Jeff Wendling
Date: Mon, 10 Oct 2016 11:12:18 -0600
Subject: [PATCH] fix bug with hostname validation on newer openssl the signature for the X509_check_host function takes a char **peername, and our vendored hostname code does not have this argument. hilarity ensues!! so since we never use it, just have our vendored code ignore it.
Change-Id: I4fdf0a4cd43738e4cc7261e4e2d16a9deef1ac82
---
 hostname.c | 2 +-
 hostname.go | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/hostname.c b/hostname.c
index 7ebea17..15670c4 100644
--- a/hostname.c
+++ b/hostname.c
@@ -349,7 +349,7 @@ static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen,
 #if OPENSSL_VERSION_NUMBER < 0x1000200fL
 int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen,
- unsigned int flags)
+ unsigned int flags, char **peername)
 {
 return do_x509_check(x, chk, chklen, flags, GEN_DNS);
 }
diff --git a/hostname.go b/hostname.go
index 4f56d64..8c3b8e8 100644
--- a/hostname.go
+++ b/hostname.go
@@ -26,7 +26,7 @@ package openssl
 #define X509_CHECK_FLAG_NO_WILDCARDS 0x2
 extern int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen,
- unsigned int flags);
+ unsigned int flags, char **peername);
 extern int X509_check_email(X509 *x, const unsigned char *chk, size_t chklen,
 unsigned int flags);
 extern int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
@@ -60,8 +60,9 @@ const (
 func (c *Certificate) CheckHost(host string, flags CheckFlags) error {
 chost := unsafe.Pointer(C.CString(host))
 defer C.free(chost)
+
 rv := C.X509_check_host(c.x, (*C.uchar)(chost), C.size_t(len(host)),
- C.uint(flags))
+ C.uint(flags), nil)
 if rv > 0 {
 return nil
 }
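Review bot: `peername` is accepted and then silently dropped in the fallback `X509_check_host`, so a caller that passes a non-NULL pointer gets back whatever its variable held before the call. OpenSSL 1.0.2 and later treat this argument as an output parameter, so the vendored version would be safer if it cleared it with `if (peername != NULL) *peername = NULL;` before the `return do_x509_check(...)` line. A comment above the function, `/* peername is not filled in by this fallback; pass NULL or ignore the result */`, would record the divergence from upstream. The only caller visible in this patch passes nil, so this is hardening rather than a live bug.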
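Review bot: Nothing makes the compiler compare this hand-written `extern` in the hostname.go cgo preamble with the prototype the linked OpenSSL actually exports, which appears to be how the four-argument form stayed in place after `peername` was added upstream. For a function that decides whether a certificate matches a host, that kind of drift should fail the build rather than surface at run time. Suggest a comment above the declaration, `/* must match X509_check_host in <openssl/x509v3.h> (1.0.2+) and the fallback in hostname.c */`, and, if the rest of the preamble (outside this hunk) allows it, taking the declaration from the OpenSSL header on versions that provide it. `X509_check_email` and `X509_check_ip` keep four parameters here; that matches upstream as far as I know, but it is worth confirming against the header in the same pass.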
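Review bot: The trailing `nil` in the `C.X509_check_host` call in `CheckHost` is unexplained, and the commit ships no test for it (the diffstat lists only hostname.c and hostname.go). A comment on the call, `// peername (optional out-param, OpenSSL 1.0.2+) is unused, so pass nil`, would stop a later reader from dropping the argument. Since the earlier mismatch was invisible at build time, a regression test that calls `CheckHost` with a matching and a non-matching name against a fixture certificate would catch the next prototype drift on whichever OpenSSL the build links. `CheckHost` continues past the end of the hunk, so how `rv <= 0` is turned into an error is not visible here.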