On Mon, Jul 21, 2003 at 12:20:05PM -0400, Christopher Fowler wrote:
> There is no function in OpenSSL I believe that does such a thing.
>
> What you need to do is get the sockaddr sin_addr data from the accept()
> function. At that point you have an IP address. Use gethostbyaddr() to convert
> that IP into a FQDN. You can then verify that the FQDN of the host matches
> that in the certificate.

I doubt this. Yes, DNS is used for lookup from the "reverse" zone. However, the FQDN was intended to check whether the client managed to connect to the server he originally intended. This verifies the "forward" DNS lookup.

Regards,
Vadim

> On Mon, Jul 21, 2003 at 12:12:49PM -0400, Jue (Jacky) Shu wrote:
> > hi all,
> >
> > maybe it is not a SSL question. I want to make a post-connection assertion to
> > prevent man-in-the-middle attack. But I don't know how to get the FQDN of the
> > peer side (not from the peer's certificate, it must be the other side's real address).
> > Is there any socket function to get the peer's FQDN?
> > thank you in advance.
> >
> > Jacky
> >
> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org
> > User Support Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
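
The check described in the reply above, comparing the names in the peer certificate with the host name the client set out to reach rather than with a name obtained from a reverse lookup, as an added example that is not code from this thread or from OpenSSL. The function names and the sample certificate names are hypothetical and constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive string equality (DNS names are not case sensitive). */
static int eq_nocase(const char *a, const char *b)
{
    while (*a && *b && tolower((unsigned char)*a) == tolower((unsigned char)*b)) {
        a++; b++;
    }
    return *a == '\0' && *b == '\0';
}

/* Compare one certificate name with the host name the client intended to
 * reach. "*" is honoured only as the whole left-most label and covers exactly
 * one label: "*.example.com" matches neither "example.com" nor "a.b.example.com". */
int cert_name_matches(const char *cert_name, const char *intended_host)
{
    if (cert_name == NULL || intended_host == NULL || *intended_host == '\0')
        return 0;
    if (strncmp(cert_name, "*.", 2) != 0)
        return eq_nocase(cert_name, intended_host);
    const char *suffix = cert_name + 1;                  /* ".example.com" */
    const char *first_dot = strchr(intended_host, '.');
    if (first_dot == NULL || first_dot == intended_host)
        return 0;                                        /* no label for "*" to cover */
    if (strchr(suffix + 1, '.') == NULL)
        return 0;                                        /* refuse "*.com" style names */
    return eq_nocase(first_dot, suffix);
}

/* Constructed sample: names carried by the certificate a peer presented. */
static const char *const sample_cert_names[] = { "www.example.com", "*.shop.example.com" };

/* The input is the name the caller asked to connect to, never a PTR result. */
int peer_is_intended_host(const char *intended_host)
{
    size_t n = sizeof sample_cert_names / sizeof sample_cert_names[0];
    for (size_t i = 0; i < n; i++)
        if (cert_name_matches(sample_cert_names[i], intended_host))
            return 1;
    return 0;
}

int main(void)
{
    printf("%d %d\n", peer_is_intended_host("www.example.com"),
           peer_is_intended_host("www.example.net"));
    return 0;
}
```

OpenSSL 1.0.2 and later provide X509_check_host(), which performs this comparison against the peer certificate itself.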