When can I safely call SSL_get_peer_certificate?
I am reading a socket in non-blocking mode, and would like to
know when I've read enough so that I can obtain the peer certificate. The
reason is, as I've understood, I must check that CN matches the host name I
requested to prevent MITM attacks. And no, I can't use the verify function
(for this purpose) because it doesn't have context for my request (several
requests can be going on at the same time).
Also, I think I must close the connection if they don't match.
Is there a special procedure to follow so that the other side
knows I didn't approve of the certificate or do I just close?
Thanks,
Ari Pirinen
[EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
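
The CN-versus-requested-host comparison described in the message, written out in C as an added example (not code from the post or from OpenSSL); the function name `cn_matches_host` and the sample names are assumptions. It assumes the caller has already taken the CN bytes and their length from the peer certificate once the handshake has completed, and that `host` is a DNS name rather than an IP literal.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* ASCII case-insensitive comparison of n bytes (DNS names ignore case). */
static int eq_nocase(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Hypothetical helper: 1 if the certificate CN (cn_len bytes, not assumed
 * NUL-terminated) matches the host name this connection requested, else 0. */
int cn_matches_host(const char *cn, size_t cn_len, const char *host)
{
    size_t host_len = strlen(host);

    if (cn_len == 0 || host_len == 0)
        return 0;
    /* An embedded NUL would make C string functions see a shorter name. */
    if (memchr(cn, '\0', cn_len) != NULL)
        return 0;
    if (cn_len > 2 && cn[0] == '*' && cn[1] == '.') {
        const char *dot = strchr(host, '.');   /* end of host's first label */
        if (dot == NULL || dot == host)
            return 0;
        /* Refuse "*.com" and any second '*': one wildcard, two fixed labels. */
        if (!memchr(cn + 2, '.', cn_len - 2) || memchr(cn + 1, '*', cn_len - 1))
            return 0;
        /* The wildcard stands for exactly one label, so the rest must be equal. */
        size_t rest = host_len - (size_t)(dot - host);
        return rest == cn_len - 1 && eq_nocase(cn + 1, dot, rest);
    }
    if (memchr(cn, '*', cn_len) != NULL)   /* no other wildcard placement */
        return 0;
    return cn_len == host_len && eq_nocase(cn, host, cn_len);
}

int main(void)
{
    /* Constructed sample names, not taken from any real certificate. */
    printf("%d\n", cn_matches_host("*.example.com", 13, "www.example.com"));
    printf("%d\n", cn_matches_host("*.example.com", 13, "a.b.example.com"));
    printf("%d\n", cn_matches_host("www.good.example\0.evil.example", 30, "www.good.example"));
    return 0;
}
```

OpenSSL 1.0.2 and later provide `X509_check_host()`, which performs this matching inside the library and also covers subjectAltName entries; it is preferable where available.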