On 5/21/2019 4:53 AM, Chethan Kumar
wrote:
Thanks for the information. I researched more and found that tlsext_hostname member variable in SSL structure can be used to to get host name. If applications set this using SSL_set_tlsext_host_name(), is it correct to print hostname/IP in tlsext_hostname. Can I use this one to set hostname/Ip address.? Can applications acting as both server and client set this? Thanks in advance, Chethan Kumar Why do you want the specific IP address? If the other end is
behind a NAT device or similar (or a full-blown proxy) then that
address is not meaningful in the context of actual identification
as to the source of the communication. Better, if it is necessary to know who you're talking to, is for the client to present a certificate which the server can then verify as to validity and provenance; the client, of course, by definition has same capability against the server so it can verify that the server it thinks it is talking to is actually the one it's communicating with. --
-- Karl Denninger The Market-Ticker S/MIME Email accepted and preferred |
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature