Loading...

XML

Word

Printable

JSON

Type: New Feature
Resolution: Done
Priority: Major - P3
Fix Version/s: 1.4.0
Affects Version/s: 1.4.0
Component/s: None
Labels:
- intern2016

Epic Link:
TLS Improvements

OpenSSL introduced hostname verficiation as part of VERIFY_PEER in 1.0.2.

We should use it over our homegrown check.

const char *servername = NULL;
SSL *ssl = NULL;
X509_VERIFY_PARAM *param = NULL;
...

servername = "www.example.com";
ssl = SSL_new(...);
param = SSL_get0_param(ssl);

/* Enable automatic hostname checks */
X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
X509_VERIFY_PARAM_set1_host(param, servername, 0);

http://article.gmane.org/gmane.comp.encryption.openssl.user/53905

depends on

CDRIVER-1157 Verify certificates during handshake

Closed

Assignee:: Hannes Magnusson

Reporter:: Hannes Magnusson

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: Mar 14 2016 11:13:45 PM UTC

Updated:: Aug 10 2016 10:10:47 PM UTC

Resolved:: Jul 14 2016 05:54:29 PM UTC