[openssl-users] Hostname validation in OpenSSL 1.1.0

Hajjar, Alain (US) ahajjar at cyberpointllc.com
Tue Apr 4 22:02:46 UTC 2017


I am looking for confirmation regarding the hostname validation
implementation in OpenSSL 1.1.0. Is the example code at
https://wiki.openssl.org/index.php/Hostname_validation the correct way to do
hostname validation with both 1.1.0 and 1.0.2?

Specifically, in order for OpenSSL 1.1.0 to automatically perform hostname
checks, does the calling application need to use both
X509_VERIFY_PARAM_set1_host (with the expected DNS hostname) and
SSL_set_verify (with SSL_VERIFY_PEER) as is the case for OpenSSL 1.0.2?

Thank you.


Alain Hajjar
mobile +1 240 330 3754
direct +1 443 884 6687

CyberPoint International
621 East Pratt Street, Suite 400

Baltimore MD 21202-3196

phone +1 410 779 6700

www.cyberpointllc.com <http://www.cyberpointllc.com/>

If you believe you received this e-mail in error, please notify the sender
immediately, delete the e-mail from your computer and do not copy or
disclose it to anyone else.

The information in this email constitutes the proprietary information of
Cyber Point International, LLC, and should be accessed only by the
individual to whom it is addressed. The information in this email and any
attachments may not be used, copied or disclosed without the consent of
CyberPoint. CyberPoint is not responsible for any damages caused by your
unauthorized use of the materials in this email.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170404/48eb812e/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4605 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170404/48eb812e/attachment.bin>

More information about the openssl-users mailing list