To get end point's IP address

Karl Denninger karl at denninger.net
Tue May 21 11:30:59 UTC 2019


On 5/21/2019 4:53 AM, Chethan Kumar wrote:
> Thanks for the information.
>
> I researched more and found that tlsext_hostname member variable in SSL structure can be used to to get host name.
> If applications set this using SSL_set_tlsext_host_name(), is it correct to print hostname/IP in  tlsext_hostname.
> Can I use this one to set hostname/Ip address.?
> Can applications acting as both server and client set this?
>
> Thanks in advance,
> Chethan Kumar
>
Why do you want the specific IP address?  If the other end is behind a 
NAT device or similar (or a full-blown proxy) then that address is not 
meaningful in the context of actual identification as to the source of 
the communication.

Better, if it is necessary to know who you're talking to, is for the 
client to present a certificate which the server can then verify as to 
validity and provenance; the client, of course, by definition has same 
capability against the server so it can verify that the server it thinks 
it is talking to is actually the one it's communicating with.

-- 
-- Karl Denninger
/The Market-Ticker/
S/MIME Email accepted and preferred
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190521/54e0f8f8/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4897 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190521/54e0f8f8/attachment.bin>


More information about the openssl-users mailing list