2 Replies Latest reply on Jan 18, 2015 11:01 PM by a.ceglarek

    SSL - Certificate subject does not match remote hostname

    a.ceglarek

      Hi

       

      I tried an SSL connection and everything looks good, but when I tested for correct certification I saw that WICED doesn't check the hostname from the public server certificate against the looked-up domain.

      In wiced_tls_init_simple_context we set peer_cn e.g "mydomain.com"

       

           context->context.peer_cn = peer_cn;

       

      In wiced_tcp_enable_tls context pointer is assigned to socket.

       

          socket->tls_context = context;

       

      Up to this moment everything looks great, but next, in wiced_tcp_connect(), when socket->tls_context != NULL, it runs wiced_tcp_start_tls(), then wiced_tcp_start_tls_with_ciphers(), and in the first line we have

      memset( &tls_context->context, 0, sizeof(wiced_tls_context_t) );

       

      Probably ssl_init performs zeroing of the context too.

      And now my question: is there any way to repair this problem with a WICED function, or must I write my own function which compares mydomain with the decrypted public server certificate, because we have this in

      tls_context->context.peer_cert->subject.val.p

       

      at the end of wiced_tcp_start_tls_with_ciphers()?

      I use SDK 3.1.1.

       

      Best regards
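
A hostname check of the kind the post asks about, as an added example (not WICED SDK code and not part of the original thread). The function name `hostname_matches` is hypothetical; it assumes the caller has already located the certificate's CN or dNSName bytes and their length in the parsed peer certificate, and calls it after the handshake, rejecting the connection on a 0 result.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive comparison of two length-delimited ASCII names. */
static int name_eq(const char *a, size_t alen, const char *b, size_t blen)
{
    if (alen != blen)
        return 0;
    for (size_t i = 0; i < alen; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Returns 1 if `host` matches the certificate name `pat` (pat_len bytes,
 * not NUL-terminated, as ASN.1 strings are), otherwise 0. */
int hostname_matches(const char *host, const unsigned char *pat, size_t pat_len)
{
    const char *p = (const char *)pat;
    size_t host_len;

    if (host == NULL || pat == NULL || pat_len == 0)
        return 0;
    /* Reject embedded NULs so the name cannot be cut short by C-string code. */
    if (memchr(p, '\0', pat_len) != NULL)
        return 0;
    host_len = strlen(host);
    if (host_len > 0 && host[host_len - 1] == '.')
        host_len--;                      /* ignore one trailing root dot */

    if (pat_len >= 3 && p[0] == '*' && p[1] == '.') {
        const char *dot = memchr(host, '.', host_len);
        const char *rest = p + 2;
        size_t rest_len = pat_len - 2;
        /* "*" covers exactly one left-most label; "*.com" style is refused. */
        if (dot == NULL || dot == host || memchr(rest, '*', rest_len) != NULL
            || memchr(rest, '.', rest_len) == NULL)
            return 0;
        return name_eq(dot + 1, host_len - (size_t)(dot + 1 - host), rest, rest_len);
    }
    if (memchr(p, '*', pat_len) != NULL)
        return 0;                        /* wildcard anywhere else: refuse */
    return name_eq(host, host_len, p, pat_len);
}

int main(void)
{   /* Constructed sample names, not taken from a real certificate. */
    printf("%d\n", hostname_matches("www.mydomain.com", (const unsigned char *)"*.mydomain.com", 14));
    return 0;
}
```

Because the post observes that the context is zeroed inside wiced_tcp_start_tls_with_ciphers(), the expected hostname has to be kept by the caller and compared after that function returns.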