On Wed, Mar 07, 2007 at 02:28:33AM +0100, Vladislav Marinov wrote:

> I am trying to write a client/server application using the OpenSSL
> support for DTLS and I have a problem with the server validating the
> certificate of the client.

Unless the server solicited the client connection, and was expecting a
connection from a *given* client, it typically makes no sense to tie the
client credentials to the client's IP address; rather, if you have a
client cert, that's the client you are talking to, and you apply any
rights/ACLs that go with that identity.

> I have my own function that does the
> validation - it compares the *physical* hostname/IP address of the
> client with the Common Name field of an X.509 certificate.

Why?

> Does OpenSSL provide a function which can return any
> information about the other peer that has initiated the handshake?

Why?

> recvfrom() will not work for me because I need to
> know the IP/hostname whatever before I start receiving data from the
> peer (in order to verify its certificate). Any help will be greatly
> appreciated.

What problem are you solving? Why do you need to validate the peer name
before the data is received? You can do it after the handshake is
complete, just before you use the data.

-- 
	Viktor.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]