Hostname validation in OpenSSL 1.1.0

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Hostname validation in OpenSSL 1.1.0

Hajjar, Alain (US)

I am looking for confirmation regarding the hostname validation implementation in OpenSSL 1.1.0. Is the example code at the correct way to do hostname validation with both 1.1.0 and 1.0.2? 

Specifically, in order for OpenSSL 1.1.0 to automatically perform hostname checks, does the calling application need to use both X509_VERIFY_PARAM_set1_host (with the expected DNS hostname) and SSL_set_verify (with SSL_VERIFY_PEER) as is the case for OpenSSL 1.0.2?

Thank you.


Alain Hajjar
mobile +1 240 330 3754
direct +1 443 884 6687

CyberPoint International

621 East Pratt Street, Suite 400

Baltimore MD 21202-3196

phone +1 410 779 6700

If you believe you received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.

The information in this email constitutes the proprietary information of Cyber Point International, LLC, and should be accessed only by the individual to whom it is addressed. The information in this email and any attachments may not be used, copied or disclosed without the consent of CyberPoint. CyberPoint is not responsible for any damages caused by your unauthorized use of the materials in this email.

openssl-users mailing list
To unsubscribe:

smime.p7s (6K) Download Attachment