Home/ Questions/Q 8373561
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-09T14:42:23+00:00

How do I catch the domain name mismatch? I use SSL_get_peer_certificate(ssl) to get the

  • 0

How do I catch the domain name mismatch?

I use SSL_get_peer_certificate(ssl) to get the certificate, then SSL_get_verify_result(ssl); to verify the certificate. How can i catch the domain name mismatch here as I am not catching it currently.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    SSL_get_verify_result doesnot do a hostname mismatch search. We have to do that manually taking into consideration multiple CN’s and subject alternative names(SAN’s) that come in the certificate.

    The functions that can be used for handling multiple CN’s are :

    int lastpos = -1;
lastpos=X509_NAME_get_index_by_NID(X509_get_subject_name(cert), NID_commonName, lastpos);
X509_NAME_get_entry(X509_get_subject_name(cert), lastpos);

    calling X509_NAME_get_index_by_NID again using the new lastpos will give us the next CN until it returns -1 which says there are no more CN’s available.

    this function gives a X509_NAME_ENTRY *, which can be converted to char * using ASN1_STRING_to_UTF8.

    Be sure to consider the wildcards that come in the SAN’s and CN’s

    • 0