[CDRIVER-1155] Use OpenSSL's hostname verification Created: 14/Mar/16  Updated: 10/Aug/16  Resolved: 14/Jul/16

Status: Closed
Project: C Driver
Component/s: None
Affects Version/s: 1.4.0
Fix Version/s: 1.4.0

Type: New Feature Priority: Major - P3
Reporter: Hannes Magnusson Assignee: Hannes Magnusson
Resolution: Done Votes: 0
Labels: intern2016
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on CDRIVER-1157 Verify certificates during handshake Closed
Epic Link: TLS Improvements

 Description   

OpenSSL introduced hostname verification as part of VERIFY_PEER in 1.0.2.

We should use it over our homegrown check.

const char *servername = NULL;
SSL *ssl = NULL;
X509_VERIFY_PARAM *param = NULL;
...
 
servername = "www.example.com";
ssl = SSL_new(...);
param = SSL_get0_param(ssl);
 
/* Enable automatic hostname checks */
X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
X509_VERIFY_PARAM_set1_host(param, servername, 0);

http://article.gmane.org/gmane.comp.encryption.openssl.user/53905



 Comments   
Comment by Githook User [ 14/Jul/16 ]

Author: Hannes Magnusson (bjori) <bjori@php.net>

Message: CDRIVER-1155: Use OpenSSL to verify the certificate hostname
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/fb87de5be793c971c983a96b9a6c1ebd42187cb3
