Hi,

I am trying to write a client/server application using the OpenSSL support for DTLS and I have a problem with the server validating the certificate of the client. I have my own function that does the validation - it compares the *physical* hostname/IP address of the client with the Common Name field of an X.509 certificate. My client does SSL_connect() and the server does SSL_accept().

With TLS I had no problem programming the server to validate the certificate, because before I perform the TLS handshake I must call accept() on the server side and then I can extract the socket address of the client, therefore obtaining the hostname by calling gethostbyaddress() or simply getpeername(). However, in DTLS there is no call to accept() on the server side and the server has to go directly to the SSL handshake. Therefore, I do not have the socket address of the client and cannot extract its hostname/IP address/socket address, which is needed for validation.

Does OpenSSL provide a function which can return any information about the other peer that has initiated the handshake? Or does UDP provide such a mechanism... since after a handshake is performed there has been some exchange of data, so there must be some way to identify the sender. recvfrom() will not work for me because I need to know the IP/hostname/whatever before I start receiving data from the peer (in order to verify its certificate).

Any help will be greatly appreciated.

Thanks,
Vladislav
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
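
Added example, not part of the original post and not OpenSSL's own code: one way to learn the peer address on a UDP socket before the handshake reads anything is to peek at the first datagram with recvfrom(MSG_PEEK) and then connect() the socket, after which getpeername() works as in the TCP case. The helper names udp_pin_peer and demo_pin_peer and the loopback "hello" datagram are assumptions made for the illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: learn the sender of the first queued datagram without
 * consuming it, then connect() the UDP socket to that sender. 0 on success. */
int udp_pin_peer(int fd, struct sockaddr_in *peer)
{
    char probe;
    socklen_t len = sizeof(*peer);
    /* MSG_PEEK leaves the datagram queued for the handshake code to read. */
    if (recvfrom(fd, &probe, sizeof(probe), MSG_PEEK,
                 (struct sockaddr *)peer, &len) < 0)
        return -1;
    /* Once connected, the kernel filters other senders and getpeername()
     * works as it does on an accepted TCP socket. */
    return connect(fd, (struct sockaddr *)peer, len);
}

/* Loopback check with a constructed 5-byte datagram standing in for the
 * client's first handshake message. Returns 0 when every check passes. */
int demo_pin_peer(void)
{
    struct sockaddr_in srv = {0}, cli = {0}, peer = {0}, named = {0};
    socklen_t len = sizeof(srv);
    char buf[16];
    int rc = -1, s = socket(AF_INET, SOCK_DGRAM, 0), c = socket(AF_INET, SOCK_DGRAM, 0);
    srv.sin_family = AF_INET;
    srv.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* port 0: kernel picks */
    if (s < 0 || c < 0 || bind(s, (struct sockaddr *)&srv, sizeof(srv)) < 0 ||
        getsockname(s, (struct sockaddr *)&srv, &len) < 0 ||
        sendto(c, "hello", 5, 0, (struct sockaddr *)&srv, sizeof(srv)) != 5)
        goto out;
    len = sizeof(cli);
    getsockname(c, (struct sockaddr *)&cli, &len); /* client's source port */
    if (udp_pin_peer(s, &peer) < 0) goto out;
    len = sizeof(named);
    if (getpeername(s, (struct sockaddr *)&named, &len) == 0 &&
        named.sin_port == cli.sin_port && peer.sin_port == cli.sin_port &&
        named.sin_addr.s_addr == htonl(INADDR_LOOPBACK) &&
        recv(s, buf, sizeof(buf), 0) == 5 && memcmp(buf, "hello", 5) == 0)
        rc = 0; /* peer identified and the datagram was still queued */
out:
    if (s >= 0) close(s);
    if (c >= 0) close(c);
    return rc;
}
```

A UDP source address is unauthenticated and can be spoofed, so the peeked address is only a claim until the DTLS cookie exchange and the certificate checks have completed.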