C
C
Require SSL Server Certificate Domain Match
See more HTTP Examples
Demonstrates how to require that the SSL server certificate's domain matches the intended domain.Chilkat C Downloads
#include <C_CkHttp.h>
void ChilkatSample(void)
{
BOOL success;
HCkHttp http;
const char *html;
success = FALSE;
// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
http = CkHttp_Create();
// Call SetSslCertRequirement to require that the SSL server certificate's domain
// matches only the domain we are intending to communicate with.
// In this example we will test with the URL https://wrong.host.badssl.com/
// which intentionally has an SSL certificate that does not match "wrong.host.badssl.com"
CkHttp_SetSslCertRequirement(http,"SAN","wrong.host.badssl.com");
// Also validate the server cert..
CkHttp_putRequireSslCertVerify(http,TRUE);
// Try sending the request. It should fail within the SSL/TLS handshake
// because the server's certificate does not match the domain "wrong.host.badssl.com"
html = CkHttp_quickGetStr(http,"https://wrong.host.badssl.com/");
if (CkHttp_getLastMethodSuccess(http) == FALSE) {
printf("%s\n",CkHttp_lastErrorText(http));
}
else {
printf("Unexpected success.\n");
}
CkHttp_Dispose(http);
}