>>Can anyone send me a code snippet showing how I get the subject
>>alternate name (IP address) in a form useful for IP source verification?

Don't know what you mean for sure, but here is some MS Visual C++ Client Code that will verify the Server's Name (IP or DNS Name) based on the subject line from the Server Certificate.

Note: this uses the CString Class, which is part of Microsoft Foundation Classes. You can find CString documentation at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vcmfc98/html/_mfc_cstring.asp.

    // Requires #include <openssl/ssl.h> and <openssl/x509.h>
    CString sAddress = "the server name";
    X509 *ServerCert;
    ServerCert = SSL_get_peer_certificate(m_pSSL); //get the server certificate
    if(ServerCert == NULL) return FALSE; //could not get a certificate

    CString sCertAddress;
    char* szTempChar;
    szTempChar = X509_NAME_oneline(X509_get_subject_name(ServerCert), 0, 0); // get the server subject name
    if(szTempChar == NULL)
    {
        X509_free(ServerCert); //free the server cert
        return FALSE; //could not get a subject name
    }
    try{sCertAddress = szTempChar;} //attempt to set the value of sCertAddress to be the server subject name
    catch (...)
    {
        OPENSSL_free(szTempChar); //free the buffer allocated by X509_NAME_oneline
        X509_free(ServerCert); //free the server cert
        return FALSE; // could not copy the server subject name
    }
    OPENSSL_free(szTempChar); //free the buffer allocated by X509_NAME_oneline
    X509_free(ServerCert); //free the server cert

    int iStartStrPos,iEndStrPos;
    iStartStrPos = sCertAddress.Find("/CN"); //Finding the portion of the subject name that relates to the Server Name
    if (iStartStrPos == -1) return FALSE; //Failed to find the server name in the server subject line
    iStartStrPos += 4; // moving the start string pos from locating the /CN SERVER_NAME to SERVER_NAME
    iEndStrPos = sCertAddress.Find('/',iStartStrPos+1); //Finding the end of the server name
    if(iEndStrPos == -1) iEndStrPos = sCertAddress.GetLength(); //The end must be the end of the line
    try
    {
        sCertAddress = sCertAddress.Mid(iStartStrPos,iEndStrPos-iStartStrPos); //Extract the server name out of the subject line.
    }
    catch (...)
    {
        return FALSE; //There was a memory exception
    }
    if(sCertAddress != sAddress) //If the server name from the server certificate and the server name do not match...
        return FALSE; //ERROR COULD NOT VALIDATE SERVER

Joel Daniels (a novice).

P.S. Please let me know if this code does not work.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
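
For the subject alternative name case the question asks about, here is an added example (not part of the original post) that compares the raw octets of one iPAddress entry with the connected peer's socket address, including the IPv4-mapped form a dual-stack socket reports. It assumes the octets were already taken from the certificate; in OpenSSL they are the data and length of the `d.iPAddress` octet string of a `GEN_IPADD` entry returned by `X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL)`. The names `san_ip_matches_peer` and `make_peer` are hypothetical, and the addresses are constructed samples.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper (not an OpenSSL API): compare the raw octets of one
 * subjectAltName iPAddress entry with the peer address. 1 = match, 0 = no. */
int san_ip_matches_peer(const unsigned char *san, size_t san_len,
                        const struct sockaddr *peer)
{
    static const unsigned char v4mapped[12] = {0,0,0,0,0,0,0,0,0,0,0xff,0xff};
    const unsigned char *addr = NULL;
    size_t addr_len = 0;
    if (san == NULL || peer == NULL) return 0;
    if (peer->sa_family == AF_INET) {
        addr = (const unsigned char *)&((const struct sockaddr_in *)peer)->sin_addr;
        addr_len = 4;
    } else if (peer->sa_family == AF_INET6) {
        addr = (const unsigned char *)&((const struct sockaddr_in6 *)peer)->sin6_addr;
        addr_len = 16;
        /* A dual-stack socket reports IPv4 peers as ::ffff:a.b.c.d */
        if (san_len == 4 && memcmp(addr, v4mapped, 12) == 0) {
            addr += 12;
            addr_len = 4;
        }
    }
    /* Unknown family, or a length other than 4/16 octets, never matches */
    return addr != NULL && san_len == addr_len && memcmp(san, addr, addr_len) == 0;
}

/* Demo helper: build a sockaddr from address text; returns 1 on success. */
int make_peer(const char *text, struct sockaddr_storage *out)
{
    memset(out, 0, sizeof(*out));
    out->ss_family = strchr(text, ':') ? AF_INET6 : AF_INET;
    void *dst = out->ss_family == AF_INET6
        ? (void *)&((struct sockaddr_in6 *)out)->sin6_addr
        : (void *)&((struct sockaddr_in *)out)->sin_addr;
    return inet_pton(out->ss_family, text, dst) == 1;
}

int main(void)
{
    const unsigned char san[4] = {192, 0, 2, 10};  /* constructed sample */
    struct sockaddr_storage peer;
    printf("match: %d\n", make_peer("::ffff:192.0.2.10", &peer) &&
           san_ip_matches_peer(san, sizeof san, (const struct sockaddr *)&peer));
    return 0;
}
```

Comparing the octets directly avoids any text parsing of the certificate, so no string form of the address has to be normalised before the check.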