|
OpenSSL introduced hostname verification as part of VERIFY_PEER in 1.0.2.
We should use it over our homegrown check.
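/*
 * Client-side setup for OpenSSL's built-in hostname verification (1.0.2+).
 *
 * The expected peer name is attached to the SSL object's verification
 * parameters, so the name is matched against the peer certificate as part
 * of certificate verification during the handshake.
 */
const char *servername = NULL;
SSL *ssl = NULL;
X509_VERIFY_PARAM *param = NULL;

...

servername = "www.example.com";

ssl = SSL_new(...);
if (ssl == NULL) {
    /* bail out: there is no SSL object to configure */
}

/* Internal pointer to ssl's verification parameters; it must not be freed. */
param = SSL_get0_param(ssl);

/* Enable automatic hostname checks */
/* Reject partial wildcards such as "ww*.example.com". */
X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);

/*
 * A length of 0 means servername is NUL-terminated. The call returns 1 on
 * success; on failure no expected name is installed, so treat it as fatal
 * instead of continuing with a connection whose peer name is never checked.
 */
if (X509_VERIFY_PARAM_set1_host(param, servername, 0) != 1) {
    /* bail out: hostname verification could not be configured */
}

/*
 * The hostname check only aborts the handshake when peer verification is
 * enabled. With SSL_VERIFY_NONE a client handshake continues even though
 * verification failed, and the caller would have to inspect
 * SSL_get_verify_result() itself.
 */
SSL_set_verify(ssl, SSL_VERIFY_PEER, NULL);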
|
http://article.gmane.org/gmane.comp.encryption.openssl.user/53905
|