On Sat, Oct 27, 2012 at 11:00 AM, Alban D. <blan...@gmail.com> wrote:
> Hi everyone,
>
> iSEC Partners just released a paper that provides detailed guidelines
> and sample code on how to properly do certificate validation with
> OpenSSL:
> http://www.isecpartners.com/blog/2012/10/14/the-lurking-menace-of-broken-tls-validation.html
>
> It is not trivial and so I thought this reference material could be
> useful to people on this mailing list.
] int validate_hostname(char *hostname, X509 *server_cert) {
]   int hostname_matched = HOSTNAME_VALIDATION_ERR;
]   if((hostname == NULL) || (server_cert == NULL))
]      goto error;
] ...
]   error:
]     return hostname_matched;
] }
You failed open rather than closed. It's not a good choice of
strategies for high integrity software.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
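
The fail-open versus fail-closed distinction raised in the reply above, as an added example that is not code from the iSEC paper or from either poster. All names (`host_result`, `cert_name`, `match_name`, `allow_fail_closed`, `allow_fail_open`) are hypothetical, and the certificate names are hand-constructed byte strings rather than values read from an X509.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical tri-state result. Only HOST_MATCH ever means "accept". */
typedef enum { HOST_ERROR = 0, HOST_MISMATCH, HOST_MATCH } host_result;

/* A certificate name as length-counted bytes (assumption: the caller has
 * already extracted these from the certificate). */
typedef struct { const char *data; size_t len; } cert_name;

static bool eq_nocase(const char *a, const char *b, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return false;
    return true;
}

host_result match_name(const char *hostname, const cert_name *names, size_t n)
{
    if (hostname == NULL || hostname[0] == '\0' || names == NULL || n == 0)
        return HOST_ERROR;             /* bad input is an error, not a pass */

    size_t host_len = strlen(hostname);
    host_result result = HOST_MISMATCH;
    for (size_t i = 0; i < n; i++) {
        /* A name with an embedded NUL is malformed: stop, never skip it. */
        if (names[i].data == NULL || memchr(names[i].data, '\0', names[i].len))
            return HOST_ERROR;
        if (names[i].len == host_len && eq_nocase(hostname, names[i].data, host_len))
            result = HOST_MATCH;
    }
    return result;
}

/* Fail closed: every value other than HOST_MATCH, including any added
 * later, rejects the connection. */
bool allow_fail_closed(host_result r) { return r == HOST_MATCH; }

/* Fail open (the pattern to avoid): HOST_ERROR slips through because the
 * caller only tests for the one failure it anticipated. */
bool allow_fail_open(host_result r) { return r != HOST_MISMATCH; }
```

The validator itself returns a distinct error value in both versions; what decides open or closed is whether the caller compares against the single success value or against one particular failure value.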
