21.03.2013 Views

Problem - Kevin Tafuro


      verify_flags |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
    if (spc_store->flags & SPC_X509STORE_SSL_VERIFY_CLIENT_ONCE)
      verify_flags |= SSL_VERIFY_CLIENT_ONCE;
  }
  SSL_CTX_set_verify(ctx, verify_flags, verify_callback);

  if (spc_store->flags & SPC_X509STORE_USE_CERTIFICATE) {
    if (spc_store->use_certfile)
      SSL_CTX_use_certificate_chain_file(ctx, spc_store->use_certfile);
    else {
      SSL_CTX_use_certificate(ctx, sk_X509_value(spc_store->use_certs, 0));
      for (i = 1; i < sk_X509_num(spc_store->use_certs); i++) {
        SSL_CTX_add_extra_chain_cert(ctx, sk_X509_value(spc_store->use_certs, i));
      }
    }
    if (spc_store->use_keyfile) {
      SSL_CTX_use_PrivateKey_file(ctx, spc_store->use_keyfile, SSL_FILETYPE_PEM);
    } else {
      if (spc_store->use_key)
        SSL_CTX_use_PrivateKey(ctx, spc_store->use_key);
    }
  }
  SSL_CTX_set_app_data(ctx, spc_store);
  return ctx;

error_exit:
  if (store) X509_STORE_free(store); /* not ref counted */
  if (ctx) SSL_CTX_free(ctx); /* ref counted */
  return 0;
}

See Also

Recipe 10.5

10.8 Adding Hostname Checking to Certificate Verification

Problem

You have a certificate that has passed initial verification checks as described in Recipe 10.4. Now you want to make sure that it was issued to the host that is claiming ownership of it.

Solution

A certificate often contains a commonName field, and many certificates contain a subjectAltName extension, although neither is required. Normally, when a server pre-


Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
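The hostname check that Recipe 10.8 introduces, as an added example that is not the book's code: it compares a host name with names already extracted from a certificate, trying subjectAltName dNSName entries first and commonName only when there are none. The cert_name_t type, the NAME macro, the function names and the sample names are assumptions made for this illustration, and the wildcard and embedded-NUL handling goes beyond what this page states.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* ASN.1 strings are length-delimited, so each name carries its length. */
typedef struct { const char *data; size_t len; } cert_name_t;
#define NAME(lit) { (lit), sizeof(lit) - 1 }

static int eq_nocase(const char *a, const char *b, size_t n) {
  for (; n--; a++, b++)
    if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
  return 1;
}

/* Returns 1 if one name from the certificate matches host, 0 otherwise. */
static int name_matches(const cert_name_t *pat, const char *host) {
  const char *dot;
  /* An embedded NUL would make C string functions see a shorter name. */
  if (!pat->len || memchr(pat->data, '\0', pat->len)) return 0;
  if (pat->len > 2 && pat->data[0] == '*' && pat->data[1] == '.') {
    /* '*' only as the whole leftmost label; it covers exactly one label. */
    if (memchr(pat->data + 1, '*', pat->len - 1)) return 0;
    dot = strchr(host, '.');
    if (!dot || dot == host) return 0;
    return strlen(dot) == pat->len - 1 && eq_nocase(dot, pat->data + 1, pat->len - 1);
  }
  if (memchr(pat->data, '*', pat->len)) return 0;  /* no partial wildcards */
  return strlen(host) == pat->len && eq_nocase(host, pat->data, pat->len);
}

/* sans: dNSName entries from subjectAltName; cn: commonName or NULL. */
int hostname_matches_cert(const char *host, const cert_name_t *sans,
                          size_t nsans, const cert_name_t *cn) {
  size_t i;
  if (!host || !*host) return 0;
  for (i = 0; i < nsans; i++)
    if (name_matches(&sans[i], host)) return 1;
  /* commonName is consulted only when the certificate has no dNSName. */
  return (nsans == 0 && cn) ? name_matches(cn, host) : 0;
}

int main(void) {
  /* Constructed sample names, not taken from any real certificate. */
  cert_name_t sans[] = { NAME("example.com"), NAME("*.example.com") };
  cert_name_t evil = NAME("www.example.com\0.attacker.test");
  printf("wildcard: %d\n", hostname_matches_cert("WWW.example.com", sans, 2, NULL));
  printf("embedded NUL: %d\n", hostname_matches_cert("www.example.com", NULL, 0, &evil));
  return 0;
}
```

The check belongs after chain verification has succeeded, since a matching name in an unverified certificate proves nothing.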
