IXWebSocket wss c++ client cannot connect to Node.js wss server using an ip address
Viktor Dukhovni
openssl-users at dukhovni.org
Tue Feb 14 15:15:13 UTC 2023
On Tue, Feb 14, 2023 at 08:58:44AM -0600, Mark Hack wrote:
> I went and looked at the IX code and this, as we all suspected, has
> nothing to do with OpenSSL.
>
> Here is the offending code in ixwebsocket/IXSocketOpenSSL.cpp which
> ignores the IP addresses and only checks the DNS name entries:
OpenSSL, since the 1.0.2 release, has built-in name checks. There's
no reason for applications or libraries to implement their own. Of
course the application still has to decide what reference identifiers
to configure (e.g., SSL_set1_host vs. X509_VERIFY_PARAM_set1_ip_asc).
The library in question is not sufficiently actively maintained to move
on from deprecated anti-patterns. It should not be used.
--
Viktor.
More information about the openssl-users
mailing list