2 // ssl/impl/host_name_verification.ipp
3 // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5 // Copyright (c) 2003-2022 Christopher M. Kohlhoff (chris at kohlhoff dot com)
7 // Distributed under the Boost Software License, Version 1.0. (See accompanying
8 // file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
11 #ifndef BOOST_ASIO_SSL_IMPL_HOST_NAME_VERIFICATION_IPP
12 #define BOOST_ASIO_SSL_IMPL_HOST_NAME_VERIFICATION_IPP
14 #if defined(_MSC_VER) && (_MSC_VER >= 1200)
16 #endif // defined(_MSC_VER) && (_MSC_VER >= 1200)
18 #include <boost/asio/detail/config.hpp>
22 #include <boost/asio/ip/address.hpp>
23 #include <boost/asio/ssl/host_name_verification.hpp>
24 #include <boost/asio/ssl/detail/openssl_types.hpp>
26 #include <boost/asio/detail/push_options.hpp>
32 bool host_name_verification::operator()(
33 bool preverified, verify_context& ctx) const
35 using namespace std; // For memcmp.
37 // Don't bother looking at certificates that have failed pre-verification.
41 // We're only interested in checking the certificate at the end of the chain.
42 int depth = X509_STORE_CTX_get_error_depth(ctx.native_handle());
46 // Try converting the host name to an address. If it is an address then we
47 // need to look for an IP address in the certificate rather than a host name.
48 boost::system::error_code ec;
49 ip::address address = ip::make_address(host_, ec);
50 const bool is_address = !ec;
53 X509* cert = X509_STORE_CTX_get_current_cert(ctx.native_handle());
57 return X509_check_ip_asc(cert, host_.c_str(), 0) == 1;
62 const int result = X509_check_host(cert,
63 host_.c_str(), host_.size(), 0, &peername);
64 OPENSSL_free(peername);
73 #include <boost/asio/detail/pop_options.hpp>
75 #endif // BOOST_ASIO_SSL_IMPL_HOST_NAME_VERIFICATION_IPP