Sample code for 30+ languages & platforms
Visual FoxPro

HTTPS Server Certificate Require Hostname Match

See more HTTP Examples

Demonstrates and explains the RequireHostnameMatch property.

Chilkat Visual FoxPro Downloads

Visual FoxPro
LOCAL loHttp
LOCAL lcHtml

* The RequireHostnameMatch property was added in Chilkat v11.0.0
* to ensure the URL's hostname matches at least one of the server certificate SAN's (Subject Alternative Names)
* 
* In actuality, it is the SNI hostname that must match.  If the SNI hostname is not explicitly set,
* then Chilkat uses the hostname from the URL as the SNI hostname.

* Here's an example using chilkatsoft.com
* The SSL server certificate for chilkatsoft.com has 2 Subject Alternative Names:
* 
* 1) DNS Name: *.chilkatsoft.com
* 2) DNS Name: chilkatsoft.com
* 
* See Explaining the SNI Hostname in TLS

loHttp = CreateObject('Chilkat.Http')

loHttp.RequireHostnameMatch = 1

* This should succeed because "www.chilkatsoft.com" matches the SAN entry "*.chilkatsoft.com"
lcHtml = loHttp.QuickGetStr("https://www.chilkatsoft.com/helloWorld.html")
? "1) Succeeded: " + STR(loHttp.LastMethodSuccess)

* At the time of writing this example, the IP address for chilkatsoft.com is 3.101.18.47
* If we send the request using the IP address, it will fail because the IP address is does 
* not match any of the SAN entries in the server certificate.
lcHtml = loHttp.QuickGetStr("https://3.101.18.47/helloWorld.html")
? "2) Succeeded: " + STR(loHttp.LastMethodSuccess)

* However, it will succeed if we explicitly set the SNI hostname.
loHttp.SniHostname = "www.chilkatsoft.com"
lcHtml = loHttp.QuickGetStr("https://3.101.18.47/helloWorld.html")
? "3) Succeeded: " + STR(loHttp.LastMethodSuccess)

* Remove our explicit SNI hostname.
loHttp.SniHostname = ""

* Now let's try wrong.host.badssl.com
* The SSL server certificate for badssl.com has 2 Subject Alternative Names:
* 
* 1) DNS Name: *.badssl.com
* 2) DNS Name: badssl.com

* The domain wrong.host.badssl.com will fail the RequireHostnameMatch because
* the wildcarded domain SAN entry only extends 1 level deep.  
lcHtml = loHttp.QuickGetStr("https://wrong.host.badssl.com/")
? "4) Succeeded: " + STR(loHttp.LastMethodSuccess)

* The expected output is:
* 1) Succeeded: True
* 2) Succeeded: False
* 3) Succeeded: True
* 4) Succeeded: False

RELEASE loHttp