![]() |
Chilkat HOME Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi DLL Go Java Node.js Objective-C PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(Visual FoxPro) HTTPS Server Certificate Require Hostname MatchSee more HTTP ExamplesDemonstrates and explains the RequireHostnameMatch property.Note: This example requires Chilkat v11.0.0 or greater.
LOCAL loHttp LOCAL lcHtml * The RequireHostnameMatch property was added in Chilkat v11.0.0 * to ensure the URL's hostname matches at least one of the server certificate SAN's (Subject Alternative Names) * * In actuality, it is the SNI hostname that must match. If the SNI hostname is not explicitly set, * then Chilkat uses the hostname from the URL as the SNI hostname. * Here's an example using chilkatsoft.com * The SSL server certificate for chilkatsoft.com has 2 Subject Alternative Names: * * 1) DNS Name: *.chilkatsoft.com * 2) DNS Name: chilkatsoft.com * * See Explaining the SNI Hostname in TLS * For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.Http') loHttp = CreateObject('Chilkat.Http') loHttp.RequireHostnameMatch = 1 * This should succeed because "www.chilkatsoft.com" matches the SAN entry "*.chilkatsoft.com" lcHtml = loHttp.QuickGetStr("https://www.chilkatsoft.com/helloWorld.html") ? "1) Succeeded: " + STR(loHttp.LastMethodSuccess) * At the time of writing this example, the IP address for chilkatsoft.com is 3.101.18.47 * If we send the request using the IP address, it will fail because the IP address is does * not match any of the SAN entries in the server certificate. lcHtml = loHttp.QuickGetStr("https://3.101.18.47/helloWorld.html") ? "2) Succeeded: " + STR(loHttp.LastMethodSuccess) * However, it will succeed if we explicitly set the SNI hostname. loHttp.SniHostname = "www.chilkatsoft.com" lcHtml = loHttp.QuickGetStr("https://3.101.18.47/helloWorld.html") ? "3) Succeeded: " + STR(loHttp.LastMethodSuccess) * Remove our explicit SNI hostname. loHttp.SniHostname = "" * Now let's try wrong.host.badssl.com * The SSL server certificate for badssl.com has 2 Subject Alternative Names: * * 1) DNS Name: *.badssl.com * 2) DNS Name: badssl.com * The domain wrong.host.badssl.com will fail the RequireHostnameMatch because * the wildcarded domain SAN entry only extends 1 level deep. lcHtml = loHttp.QuickGetStr("https://wrong.host.badssl.com/") ? "4) Succeeded: " + STR(loHttp.LastMethodSuccess) * The expected output is: * 1) Succeeded: True * 2) Succeeded: False * 3) Succeeded: True * 4) Succeeded: False RELEASE loHttp |
© 2000-2025 Chilkat Software, Inc. All Rights Reserved.