4822l2

Listing 2. check_cert() Function

31  void check_cert(ssl,host)
32    SSL *ssl;
33    char *host;
34    {
35      X509 *peer;
36      char peer_CN[256];
37
38      if(SSL_get_verify_result(ssl)!=X509_V_OK)
39        berr_exit("Certificate doesn't verify");
40
41      /*Check the cert chain. The chain length
42        is automatically checked by OpenSSL when
43        we set the verify depth in the ctx */
44
45      /*Check the common name*/
46      peer=SSL_get_peer_certificate(ssl);
47      X509_NAME_get_text_by_NID
48        (X509_get_subject_name(peer),
49        NID_commonName, peer_CN, 256);
50      if(strcasecmp(peer_CN,host))
51      err_exit
52        ("Common name doesn't match host name");
53    }