On Sat, Mar 28, 2020 at 10:56:20PM +0200, George-Theodor Serbana wrote:
> > > For now I am using X509_VERIFY_PARAM_set1_host with SSL_CTX_set1_param to
> > > do this specific check.
> >
> > That's the slightly less convenient legacy API from OpenSSL 1.0.2.
> > In 1.1.0 and later, you can use
> I am writing a SSL/TLS client (using Boost.Beast but underlying it's using
> OpenSSL) and although I have set on the SSL context the 'verify_peer'
flag,
> there is no verification to prove the server presents an X509 which
> contains in the Subject Alternative Names the hostname of that server.
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
The OpenSSL project team would like to announce the forthcoming release
of OpenSSL version 1.1.1f.
This release will be made available on Tuesday 31st March 2020 between
1200-1600 UTC. This is a bug fix only release.
Yours
The OpenSSL Project Team
