must not free the return value.
SSL clients are advised to use these functions in preference to
-explicitly calling L<X509_check_host(3)>. Hostname checks are out
+explicitly calling L<X509_check_host(3)>. Hostname checks may be out
of scope with the RFC7671 DANE-EE(3) certificate usage, and the
internal check will be suppressed as appropriate when DANE is
enabled.
and must be copied by the application if it is to be retained beyond
the lifetime of the SSL connection.
- SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
- if (!SSL_set1_host(ssl, "smtp.example.com")) {
- /* handle error */
- }
- if (!SSL_add1_host(ssl, "example.com")) {
- /* handle error */
- }
+ SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
+ if (!SSL_set1_host(ssl, "smtp.example.com"))
+ /* error */
+ if (!SSL_add1_host(ssl, "example.com"))
+ /* error */
- /* XXX: Perform SSL_connect() handshake and handle errors here */
+ /* XXX: Perform SSL_connect() handshake and handle errors here */
- if (SSL_get_verify_result(ssl) == X509_V_OK) {
- const char *peername = SSL_get0_peername(ssl);
+ if (SSL_get_verify_result(ssl) == X509_V_OK) {
+ const char *peername = SSL_get0_peername(ssl);
- if (peername != NULL) {
- /* Name checks were in scope and matched the peername */
- }
- }
+ if (peername != NULL)
+ /* Name checks were in scope and matched the peername */
+ }
=head1 SEE ALSO
=head1 HISTORY
-These functions were first added to OpenSSL 1.1.0.
+These functions were added in OpenSSL 1.1.0.
=head1 COPYRIGHT
-Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
-Licensed under the OpenSSL license (the "License"). You may not use
+Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.