Sample code for 30+ languages & platforms
PureBasic

HTTPS Server Certificate Require Hostname Match

See more HTTP Examples

Demonstrates and explains the RequireHostnameMatch property.

Chilkat PureBasic Downloads

PureBasic
IncludeFile "CkHttp.pb"

Procedure ChilkatExample()

    ; The RequireHostnameMatch property was added in Chilkat v11.0.0
    ; to ensure the URL's hostname matches at least one of the server certificate SAN's (Subject Alternative Names)
    ; 
    ; In actuality, it is the SNI hostname that must match.  If the SNI hostname is not explicitly set,
    ; then Chilkat uses the hostname from the URL as the SNI hostname.

    ; Here's an example using chilkatsoft.com
    ; The SSL server certificate for chilkatsoft.com has 2 Subject Alternative Names:
    ; 
    ; 1) DNS Name: *.chilkatsoft.com
    ; 2) DNS Name: chilkatsoft.com
    ; 
    ; See Explaining the SNI Hostname in TLS

    http.i = CkHttp::ckCreate()
    If http.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    CkHttp::setCkRequireHostnameMatch(http, 1)

    ; This should succeed because "www.chilkatsoft.com" matches the SAN entry "*.chilkatsoft.com"
    html.s = CkHttp::ckQuickGetStr(http,"https://www.chilkatsoft.com/helloWorld.html")
    Debug "1) Succeeded: " + Str(CkHttp::ckLastMethodSuccess(http))

    ; At the time of writing this example, the IP address for chilkatsoft.com is 3.101.18.47
    ; If we send the request using the IP address, it will fail because the IP address is does 
    ; not match any of the SAN entries in the server certificate.
    html = CkHttp::ckQuickGetStr(http,"https://3.101.18.47/helloWorld.html")
    Debug "2) Succeeded: " + Str(CkHttp::ckLastMethodSuccess(http))

    ; However, it will succeed if we explicitly set the SNI hostname.
    CkHttp::setCkSniHostname(http, "www.chilkatsoft.com")
    html = CkHttp::ckQuickGetStr(http,"https://3.101.18.47/helloWorld.html")
    Debug "3) Succeeded: " + Str(CkHttp::ckLastMethodSuccess(http))

    ; Remove our explicit SNI hostname.
    CkHttp::setCkSniHostname(http, "")

    ; Now let's try wrong.host.badssl.com
    ; The SSL server certificate for badssl.com has 2 Subject Alternative Names:
    ; 
    ; 1) DNS Name: *.badssl.com
    ; 2) DNS Name: badssl.com

    ; The domain wrong.host.badssl.com will fail the RequireHostnameMatch because
    ; the wildcarded domain SAN entry only extends 1 level deep.  
    html = CkHttp::ckQuickGetStr(http,"https://wrong.host.badssl.com/")
    Debug "4) Succeeded: " + Str(CkHttp::ckLastMethodSuccess(http))

    ; The expected output is:
    ; 1) Succeeded: True
    ; 2) Succeeded: False
    ; 3) Succeeded: True
    ; 4) Succeeded: False


    CkHttp::ckDispose(http)


    ProcedureReturn
EndProcedure