Difference between revisions of "Hostname validation"

From OpenSSLWiki
Jump to: navigation, search
(minimal explanation of the hostname validation problem, with some links)
 
Line 2: Line 2:
  
 
[https://github.com/iSECPartners/ssl-conservatory Here is some sample code] which shows how validating the hostname can be done.  However, it does not handle wildcard certificates, so [http://archives.seul.org/libevent/users/Feb-2013/msg00043.html borrowing some code from cURL] might be one way to go.
 
[https://github.com/iSECPartners/ssl-conservatory Here is some sample code] which shows how validating the hostname can be done.  However, it does not handle wildcard certificates, so [http://archives.seul.org/libevent/users/Feb-2013/msg00043.html borrowing some code from cURL] might be one way to go.
 +
 +
[[Category:SSL/TLS]]
 +
[[Category:Common Mistake]]

Revision as of 17:42, 24 March 2013

One very common mistake made by users of OpenSSL is to assume that OpenSSL will validate the hostname in the server's certificate. Currently, it does not, although a future version (1.1.0?) will include this functionality.

Here is some sample code which shows how validating the hostname can be done. However, it does not handle wildcard certificates, so borrowing some code from cURL might be one way to go.