(openssl) verify that the certificate we are getting match the domain we are requesting

2018-10-05 12:08:45 -07:00
parent 96903b4d25
commit 10ce046b0f
3 changed files with 132 additions and 17 deletions
--- a/ixwebsocket/IXSocketOpenSSL.h
+++ b/ixwebsocket/IXSocketOpenSSL.h
@ -36,7 +36,11 @@ namespace ix
    private:
        std::string getSSLError(int ret);
        SSL_CTX* openSSLCreateContext(std::string& errMsg);
-        bool openSSLHandshake(std::string& errMsg);
+        bool openSSLHandshake(const std::string& hostname, std::string& errMsg);
+        bool openSSLCheckServerCert(SSL *ssl,
+                                    const std::string& hostname,
+                                    std::string& errMsg);
+        bool checkHost(const std::string& host, const char *pattern);

        SSL_CTX* _ssl_context;
        SSL* _ssl_connection;