Yes, indeed I don't want to take into account the CN, only the SANs. Thanks
for the extra flag and all the clarifications!
Best regards,
Theodor
>
>
> > > > For now I am using X509_VERIFY_PARAM_set1_host with
> SSL_CTX_set1_param to
> > > > do this specific check.
> > >
> > > That's the
> I am writing a SSL/TLS client (using Boost.Beast but underlying it's using
> OpenSSL) and although I have set on the SSL context the 'verify_peer'
flag,
> there is no verification to prove the server presents an X509 which
> contains in the Subject Alternative Names the hostname of that server.
I am writing a SSL/TLS client (using Boost.Beast but underlying it's using
OpenSSL) and although I have set on the SSL context the 'verify_peer' flag,
there is no verification to prove the server presents an X509 which
contains in the Subject Alternative Names the hostname of that server.
As this