Thank you, Chris.
Yes, that's what I want to do. But I have to use SSL_accept instead of accept,
and the peer's IP address is dynamic. Can I get the peer's IP address from the SSL
connection?
Thank you again.

Jacky

Quoting Christopher Fowler <[EMAIL PROTECTED]>:

> In reading his original email, I made the assumption that he just
> wanted to get the hostname + domain of the peer that connected. To
> me the logical choice was to get the peer's IP address from the socket
> data and then do a lookup on that IP address.  Maybe another method will
> work?
> 
> 
> On Mon, Jul 21, 2003 at 07:28:51PM +0300, Vadim Fedukovich wrote:
> > On Mon, Jul 21, 2003 at 12:20:05PM -0400, Christopher Fowler wrote:
> > > There is no function in OpenSSL I believe that does such a thing.
> > > 
> > > What you need to do is get the sockaddr sin_addr data from the accept()
> > > function.  At that point you have an IP address.  Use gethostbyaddr() to
> > > convert that IP into a FQDN.  You can then verify that the FQDN of the
> > > host matches that in the certificate.
> > 
> > I doubt this.
> > Yes, DNS is used for lookup from "reverse" zone.
> > However, FQDN was intended to check whether the client managed to connect
> > to the server he originally intended. This verifies "forward" DNS lookup.
> > 
> > Regards,
> > Vadim
> > 
> > > On Mon, Jul 21, 2003 at 12:12:49PM -0400, Jue (Jacky) Shu wrote:
> > > > hi all,
> > > > 
> > > > maybe it is not an SSL question. I want to make a post-connection
> > > > assertion to prevent a man-in-the-middle attack. But I don't know how
> > > > to get the FQDN of the peer side (not from the peer's certificate, it
> > > > must be the other side's real address).
> > > > Is there any socket function to get the peer's FQDN?
> > > > thank you in advance.
> > > > 
> > > > Jacky
> > > > 
> > > > ______________________________________________________________________
> > > > OpenSSL Project                                 http://www.openssl.org
> > > > User Support Mailing List                    [EMAIL PROTECTED]
> > > > Automated List Manager                           [EMAIL PROTECTED]
> 
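
The lookup discussed in this thread, as an added example that is not part of the original messages or of OpenSSL: the peer address is read from the connected socket with getpeername(), which in a TLS server would be the descriptor returned by SSL_get_fd(ssl) after SSL_accept(), and the reverse-DNS name is accepted only if it resolves forward to the same address. The function names and the loopback helper are made up for illustration, and getnameinfo()/getaddrinfo() are used in place of gethostbyaddr().

```c
#define _POSIX_C_SOURCE 200809L
#include <netdb.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Numeric address of the peer on a connected socket; 0 on success.
 * In a TLS server, pass SSL_get_fd(ssl) once SSL_accept() has returned. */
int peer_ip(int fd, char *ip, size_t len)
{
    struct sockaddr_storage ss;
    socklen_t sl = sizeof ss;
    if (getpeername(fd, (struct sockaddr *)&ss, &sl) != 0) return -1;
    return getnameinfo((struct sockaddr *)&ss, sl, ip, len, NULL, 0, NI_NUMERICHOST) ? -1 : 0;
}

/* Forward-confirmed reverse DNS: 1 only if the PTR name maps back to the peer's IP. */
int peer_fqdn_confirmed(int fd, char *host, size_t len)
{
    char ip[64], cand[64];
    struct sockaddr_storage ss;
    struct sockaddr *sa = (struct sockaddr *)&ss;
    socklen_t sl = sizeof ss;
    struct addrinfo *res, *p;
    int ok = 0;
    if (peer_ip(fd, ip, sizeof ip) || getpeername(fd, sa, &sl) ||
        getnameinfo(sa, sl, host, len, NULL, 0, NI_NAMEREQD)) return 0;
    struct addrinfo hints = { .ai_family = ss.ss_family };
    if (getaddrinfo(host, NULL, &hints, &res) != 0) return 0;
    for (p = res; p != NULL && !ok; p = p->ai_next)
        ok = !getnameinfo(p->ai_addr, p->ai_addrlen, cand, sizeof cand, NULL, 0,
                          NI_NUMERICHOST) && strcmp(cand, ip) == 0;
    freeaddrinfo(res);
    return ok;
}

/* Constructed input: a loopback TCP connection; returns the accepted fd. */
int loopback_accept(int *client)
{
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    struct sockaddr *sa = (struct sockaddr *)&a;
    socklen_t al = sizeof a;
    int l = socket(AF_INET, SOCK_STREAM, 0);
    if (bind(l, sa, sizeof a) || listen(l, 1) || getsockname(l, sa, &al)) return -1;
    *client = socket(AF_INET, SOCK_STREAM, 0);
    if (connect(*client, sa, sizeof a)) return -1;
    int s = accept(l, NULL, NULL);
    close(l);
    return s;
}
```

A PTR record is published by whoever controls the address block, so even a forward-confirmed name describes the network path only; the certificate check remains the authentication step.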
