Function amqp_ssl_validate_hostname

Synopsis

#include <librabbitmq/amqp_openssl_hostname_validation.h>

amqp_hostname_validation_result amqp_ssl_validate_hostname(const char *hostname, const X509 *server_cert)

Description

Validates the server's identity by looking for the expected hostname in the server's certificate. As described in RFC 6125, it first tries to find a match in the Subject Alternative Name extension. If the extension is not present in the certificate, it checks the Common Name instead.

Returns AMQP_HVR_MATCH_FOUND if a match was found. Returns AMQP_HVR_MATCH_NOT_FOUND if no matches were found. Returns AMQP_HVR_MALFORMED_CERTIFICATE if any of the hostnames had a NUL character embedded in it. Returns AMQP_HVR_ERROR if there was an error.

Source

Lines 169-183 in librabbitmq/amqp_openssl_hostname_validation.c. Line 55 in librabbitmq/amqp_openssl_hostname_validation.h.

amqp_hostname_validation_result amqp_ssl_validate_hostname(
    const char *hostname, const X509 *server_cert) {
  amqp_hostname_validation_result result;

  if ((hostname == NULL) || (server_cert == NULL)) return AMQP_HVR_ERROR;

  // First try the Subject Alternative Names extension
  result = amqp_matches_subject_alternative_name(hostname, server_cert);
  if (result == AMQP_HVR_NO_SAN_PRESENT) {
    // Extension was not found: try the Common Name
    result = amqp_matches_common_name(hostname, server_cert);
  }

  return result;
}





Add Discussion as Guest

Log in to DocsForge