On Tue, Jan 27, 2015, Serj wrote:

> Hi, Viktor.
>
> 27.01.2015, 23:07, "Viktor Dukhovni" <openssl-users at dukhovni.org>:
> > It is complete enough. The word "mumble" is not meant to be taken
>
> Your full code from the wiki is:
>
> const char *servername;
> SSL *ssl;
> X509_VERIFY_PARAM *param;
>
> servername = "www.example.com";
> ssl = SSL_new(...);
> param = SSL_get0_param(ssl);
>
> /* Enable automatic hostname checks */
> X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
> X509_VERIFY_PARAM_set1_host(param, servername, 0);
>
> /* Configure a non-zero callback if desired */
> SSL_set_verify(ssl, SSL_VERIFY_PEER, 0);
>
> /*
>  * Establish SSL connection, hostname should be checked
>  * automatically test with a hostname that should not match,
>  * the connection will fail (unless you specify a callback
>  * that returns despite the verification failure. In that
>  * case SSL_get_verify_status() can expose the problem after
>  * connection completion.
>  */
> ...
>
> You set here only "param":
> X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
> X509_VERIFY_PARAM_set1_host(param, servername, 0);
>
> But how is this variable associated with the "ssl" object or the "ctx" object?
> I don't really understand! Please explain in more detail.
>

It's this:

    param = SSL_get0_param(ssl);

Because SSL_get0_param retrieves the internal pointer to parameters used by
ssl: so if you modify those parameters the modified versions will be used by
ssl.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org