Uploaded image for project: 'C Driver'
  1. C Driver
  2. CDRIVER-1155

Use OpenSSLs hostname verification

XMLWordPrintableJSON

    • Type: Icon: New Feature New Feature
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 1.4.0
    • Affects Version/s: 1.4.0
    • Component/s: None

      OpenSSL introduced hostname verficiation as part of VERIFY_PEER in 1.0.2.

      We should use it over our homegrown check.

      const char *servername = NULL;
SSL *ssl = NULL;
X509_VERIFY_PARAM *param = NULL;
...

servername = "www.example.com";
ssl = SSL_new(...);
param = SSL_get0_param(ssl);

/* Enable automatic hostname checks */
X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
X509_VERIFY_PARAM_set1_host(param, servername, 0);

      http://article.gmane.org/gmane.comp.encryption.openssl.user/53905

            Assignee:
            bjori Hannes Magnusson
            Reporter:
            bjori Hannes Magnusson
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: