Details
- New Feature
- Resolution: Done
- Major - P3
- 1.4.0
- None
Description
OpenSSL introduced hostname verification as part of VERIFY_PEER in 1.0.2.
We should use it over our homegrown check.
const char *servername = NULL;
SSL *ssl = NULL;
X509_VERIFY_PARAM *param = NULL;
...

servername = "www.example.com";
ssl = SSL_new(...);
param = SSL_get0_param(ssl);

/* Enable automatic hostname checks */
X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
X509_VERIFY_PARAM_set1_host(param, servername, 0);
http://article.gmane.org/gmane.comp.encryption.openssl.user/53905
Issue Links
- depends on: CDRIVER-1157 Verify certificates during handshake (Closed)