>>Can anyone send me a code snippet showing how I get the subject
>>alternate name (IP address) in a form useful for IP source
>>verification?
Don't know what you mean for sure, but here is some MS Visual C++ client
code that will verify the server's name (IP or DNS name) based on the subject
line from the server certificate.
Note: this uses the CString class, which is part of Microsoft Foundation
Classes. You can find CString documentation at
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vcmfc98/html/_mfc_cstring.asp.
// Needs <openssl/ssl.h> and <openssl/x509.h>, plus MFC for CString.
CString sAddress = "the server name";
X509 *ServerCert;
ServerCert = SSL_get_peer_certificate(m_pSSL); //get the server certificate
if(ServerCert == NULL) return FALSE; //could not get a certificate
CString sCertAddress;
char* szTempChar;
szTempChar = X509_NAME_oneline(X509_get_subject_name(ServerCert), 0, 0); //get the server subject name
if(szTempChar == NULL)
{
    X509_free(ServerCert); //free the server cert
    return FALSE; //could not get a subject name
}
try{sCertAddress = szTempChar;} //attempt to set the value of sCertAddress to be the server subject name
catch (...)
{
    OPENSSL_free(szTempChar); //free the one-line buffer that OpenSSL allocated
    X509_free(ServerCert); //free the server cert
    return FALSE; //could not copy the server subject name
}
OPENSSL_free(szTempChar); //free the one-line buffer that OpenSSL allocated
X509_free(ServerCert); //free the server cert
int iStartStrPos,iEndStrPos;
iStartStrPos = sCertAddress.Find("/CN="); //Finding the portion of the subject name that relates to the server name
if (iStartStrPos == -1) return FALSE; //Failed to find the server name in the server subject line
iStartStrPos += 4; //moving the start string pos from /CN=SERVER_NAME to SERVER_NAME
iEndStrPos = sCertAddress.Find('/',iStartStrPos+1); //Finding the end of the server name
if(iEndStrPos == -1)
    iEndStrPos = sCertAddress.GetLength(); //The end must be the end of the line
try
{
    sCertAddress = sCertAddress.Mid(iStartStrPos,iEndStrPos-iStartStrPos); //Extract the server name out of the subject line.
}
catch (...)
{
    return FALSE; //There was a memory exception
}
if(sCertAddress != sAddress) //If the server name from the server certificate and the server name do not match...
    return FALSE; //ERROR COULD NOT VALIDATE SERVER
Joel Daniels (a novice).
P.S. Please let me know if this code does not work.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
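
Added example, not part of the original post and not OpenSSL project code: the question asks for subjectAltName IP entries in a form usable for address checks, and those entries are raw octets (4 for IPv4, 16 for IPv6), so the comparison is done on bytes rather than on the subject string. The struct, function names and sample data are assumptions made for this illustration; the OpenSSL calls named in the comment are where the octets would come from.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* One iPAddress entry of subjectAltName as raw octets. With OpenSSL these come
 * from X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL): every
 * GENERAL_NAME of type GEN_IPADD holds them in d.iPAddress (data, length). */
struct san_ip { const unsigned char *data; size_t len; };

/* Returns 1 if one entry equals the textual address, 0 otherwise. */
int san_ip_equals(const struct san_ip *e, const char *addr_text)
{
    unsigned char buf[16];
    int family;

    if (e == NULL || e->data == NULL || addr_text == NULL)
        return 0;
    if (e->len == 4)
        family = AF_INET;        /* IPv4: 4 octets, network order */
    else if (e->len == 16)
        family = AF_INET6;       /* IPv6: 16 octets */
    else
        return 0;                /* malformed entry never matches */
    if (inet_pton(family, addr_text, buf) != 1)
        return 0;                /* not an address of that family */
    return memcmp(buf, e->data, e->len) == 0;  /* compare bytes, not text */
}

/* Returns 1 if any entry matches; an empty list fails closed. */
int san_ip_list_matches(const struct san_ip *list, size_t n, const char *addr_text)
{
    for (size_t i = 0; i < n; i++)
        if (san_ip_equals(&list[i], addr_text))
            return 1;
    return 0;
}

/* Constructed sample entries (documentation address ranges), not from a real certificate. */
static const unsigned char SAMPLE_V4[4] = {192, 0, 2, 10};
static const unsigned char SAMPLE_V6[16] = {0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1};
static const unsigned char SAMPLE_BAD[5] = {192, 0, 2, 10, 0};
const struct san_ip SAMPLE_SAN[3] = {{SAMPLE_V4, 4}, {SAMPLE_V6, 16}, {SAMPLE_BAD, 5}};

int main(void)
{
    printf("192.0.2.10  -> %d\n", san_ip_list_matches(SAMPLE_SAN, 3, "192.0.2.10"));
    printf("2001:db8::1 -> %d\n", san_ip_list_matches(SAMPLE_SAN, 3, "2001:db8::1"));
    printf("192.0.2.11  -> %d\n", san_ip_list_matches(SAMPLE_SAN, 3, "192.0.2.11"));
    return 0;
}
```

OpenSSL 1.0.2 and later also provide X509_check_ip_asc(), which performs this comparison against the certificate directly.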