[openssl-users] Hostname validation
Viktor Dukhovni
openssl-users at dukhovni.org
Tue Jan 27 17:21:19 UTC 2015
On Tue, Jan 27, 2015 at 04:18:49PM +0300, Serj wrote:

> I didn't find docs on such functions as SSL_get0_param

As I mentioned, this function should be documented, but is not yet.

> Why are there no corresponding functions such as SSL_set0_param in your code?
> Where can I find documentation on functions operating with params?

The documentation for these functions is not yet written. The way
I would set SSL verification parameters is to obtain the parameter
handle via SSL_get0_param() or where appropriate SSL_CTX_get0_param(),
and use the various X509_VERIFY_PARAM_mumble() functions to tweak
the parameter object in place.

Parameters that apply to all connections should be set at the
SSL_CTX level, when the context is created. Specifics like
hostnames, ... should be set for each connection via the SSL
object.

> But there is no description of how SSL_CTX_set1_param works!
> Does it clear all previous flags on CTX or is it "ORing" with them?
> And there are no docs on "GET" params functions!

Yes, these need (more) documentation.

--
Viktor.