In reading his original email, I made the assumption that he just 
wanted to get the hostname + domain of the peer that connected. To
me the logical choice was to get the peer's IP address from the socket
data and then do a lookup on that IP address.  Maybe another method will work?


On Mon, Jul 21, 2003 at 07:28:51PM +0300, Vadim Fedukovich wrote:
> On Mon, Jul 21, 2003 at 12:20:05PM -0400, Christopher Fowler wrote:
> > There is no function in OpenSSL I believe that does such a thing.
> > 
> > What you need to do is get the sockaddr sin_addr data from the accept()
> > function.  At that point you have an IP address.  Use gethostbyaddr() to convert
> > that IP into a FQDN.  You can then verify that the FQDN of the host matches
> > that in the certificate.
> 
> I doubt this.
> Yes, DNS is used for lookup from "reverse" zone.
> However, the FQDN was intended to check whether the client managed to connect
> to the server he originally intended. This verifies "forward" DNS lookup.
> 
> Regards,
> Vadim
> 
> > On Mon, Jul 21, 2003 at 12:12:49PM -0400, Jue (Jacky) Shu wrote:
> > > hi all,
> > > 
> > > maybe it is not an SSL question. I want to make a post-connection assertion to
> > > prevent a man-in-the-middle attack. But I don't know how to get the FQDN of the 
> > > peer side (not from the peer's certificate, it must be the other side's real address).
> > > Is there any socket function to get the peer's FQDN?
> > > thank you in advance.
> > > 
> > > Jacky
> > > 
> > > ______________________________________________________________________
> > > OpenSSL Project                                 http://www.openssl.org
> > > User Support Mailing List                    [EMAIL PROTECTED]
> > > Automated List Manager                           [EMAIL PROTECTED]
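Added example, not part of the original thread and not OpenSSL code: the socket-level lookup described above, using getpeername() and getnameinfo() in place of gethostbyaddr(). It goes beyond the thread by adding a forward lookup that confirms the returned name maps back to the peer's address. The function names reverse_name, forward_confirms and peer_fqdn are hypothetical, and IPv4 is assumed.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

/* Reverse lookup: address -> name. NI_NAMEREQD makes the call fail instead
 * of returning the numeric string when the address has no name. */
int reverse_name(const struct sockaddr_in *peer, char *out, socklen_t outlen)
{
    return getnameinfo((const struct sockaddr *)peer, sizeof *peer,
                       out, outlen, NULL, 0, NI_NAMEREQD);
}

/* Forward confirmation: does `name` resolve to the peer's address?
 * Returns 1 on a match, 0 otherwise. */
int forward_confirms(const char *name, const struct sockaddr_in *peer)
{
    struct addrinfo hints, *res, *p;
    int ok = 0;

    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_INET;          /* assumption: IPv4 only */
    hints.ai_socktype = SOCK_STREAM;
    if (getaddrinfo(name, NULL, &hints, &res) != 0)
        return 0;
    for (p = res; p != NULL; p = p->ai_next) {
        const struct sockaddr_in *a = (const struct sockaddr_in *)p->ai_addr;
        if (a->sin_addr.s_addr == peer->sin_addr.s_addr) { ok = 1; break; }
    }
    freeaddrinfo(res);
    return ok;
}

/* Name of the peer connected on `fd`, accepted only when the reverse name
 * is forward-confirmed. Returns 0 and fills `out`, or -1 on any failure. */
int peer_fqdn(int fd, char *out, socklen_t outlen)
{
    struct sockaddr_in peer;
    socklen_t len = sizeof peer;

    if (getpeername(fd, (struct sockaddr *)&peer, &len) != 0) return -1;
    if (peer.sin_family != AF_INET) return -1;
    if (reverse_name(&peer, out, outlen) != 0) return -1;
    return forward_confirms(out, &peer) ? 0 : -1;
}
```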