From df08e62efc01185ab1c96f3d4b88374ea96834e5 Mon Sep 17 00:00:00 2001
From: daurnimator
Date: Tue, 14 Mar 2017 01:08:44 +1100
Subject: [PATCH] http/client: Don't verify IP

OpenSSL's API does not allow for removing an IP verification once set (see https://github.com/openssl/openssl/issues/2673)
---
 http/client.lua | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/http/client.lua b/http/client.lua
index 5000d675..4cb2265f 100644
--- a/http/client.lua
+++ b/http/client.lua
@@ -44,13 +44,9 @@ local function negotiate(s, options, timeout)
 if version == 2 then
 ssl:setOptions(openssl_ctx.OP_NO_TLSv1 + openssl_ctx.OP_NO_TLSv1_1)
 end
- if options.host and http_tls.has_hostname_validation then
+ if options.host and http_tls.has_hostname_validation and not ip then
 local params = openssl_verify_param.new()
- if ip then
- params:setIP(options.host)
- else
- params:setHost(options.host)
- end
+ params:setHost(options.host)
 -- Allow user defined params to override
 local old = ssl:getParam()
 old:inherit(params)
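Review bot: With `and not ip` added to the condition, a connection whose `options.host` is an IP literal now completes the handshake with no identity parameter set, so the peer certificate is never matched against the address the caller asked for. Any chain verification configured on the context elsewhere (not visible in this hunk) still applies, but a certificate issued for any other name that chains to a trusted root would be accepted for that IP. Because the skip is silent, I would record it at the branch, e.g. `-- IP literals: no identity check is applied here (openssl/openssl#2673); the certificate is not matched against options.host`, and state it in the client documentation so callers connecting by IP know to pin or verify the certificate themselves. If the binding exposes the peer certificate's subjectAltName entries, comparing its IP entries with `options.host` after the handshake would restore the check without touching the verify params. `negotiate` begins and ends outside this hunk, and `ip` is computed above it.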