[openssl-users] Hostname validation

Viktor Dukhovni openssl-users at dukhovni.org
Tue Jan 27 17:21:19 UTC 2015

On Tue, Jan 27, 2015 at 04:18:49PM +0300, Serj wrote:

> I didn't find docs on such functions as SSL_get0_param

As I mentioned, this function should be documented, but is not yet.

> Why there is no corresponding functions as SSL_set0_param in your code?
> Where can I found documentation on functions operating with params?

The documentation for these functions is not yet written.  The way
I would set SSL verification parameters is to obtain the parameter
handle via SSL_get0_param() or where appropriate SSL_CTX_get0_param(),
and use the various X509_VERIFY_PARAM_mumble() functions to tweak
the parameter object in place.

Parameters that apply to all connections should be set at the
SSL_CTX level, when the context is created.  Specifics like
hostnames, ... should be set for each connection via the SSL

> But there is no any description how SSL_CTX_set1_param works!
> Does it clear all previous flags on CTX or "ORing" with them?
> And there are no any docs on "GET" params functions!

Yes, these need (more) documentation.


More information about the openssl-users mailing list