PureBasic
PureBasic
HTTPS Server Certificate Require Hostname Match
See more HTTP Examples
Demonstrates and explains the RequireHostnameMatch property.Chilkat PureBasic Downloads
IncludeFile "CkHttp.pb"
Procedure ChilkatExample()
; The RequireHostnameMatch property was added in Chilkat v11.0.0
; to ensure the URL's hostname matches at least one of the server certificate SAN's (Subject Alternative Names)
;
; In actuality, it is the SNI hostname that must match. If the SNI hostname is not explicitly set,
; then Chilkat uses the hostname from the URL as the SNI hostname.
; Here's an example using chilkatsoft.com
; The SSL server certificate for chilkatsoft.com has 2 Subject Alternative Names:
;
; 1) DNS Name: *.chilkatsoft.com
; 2) DNS Name: chilkatsoft.com
;
; See Explaining the SNI Hostname in TLS
http.i = CkHttp::ckCreate()
If http.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
CkHttp::setCkRequireHostnameMatch(http, 1)
; This should succeed because "www.chilkatsoft.com" matches the SAN entry "*.chilkatsoft.com"
html.s = CkHttp::ckQuickGetStr(http,"https://www.chilkatsoft.com/helloWorld.html")
Debug "1) Succeeded: " + Str(CkHttp::ckLastMethodSuccess(http))
; At the time of writing this example, the IP address for chilkatsoft.com is 3.101.18.47
; If we send the request using the IP address, it will fail because the IP address is does
; not match any of the SAN entries in the server certificate.
html = CkHttp::ckQuickGetStr(http,"https://3.101.18.47/helloWorld.html")
Debug "2) Succeeded: " + Str(CkHttp::ckLastMethodSuccess(http))
; However, it will succeed if we explicitly set the SNI hostname.
CkHttp::setCkSniHostname(http, "www.chilkatsoft.com")
html = CkHttp::ckQuickGetStr(http,"https://3.101.18.47/helloWorld.html")
Debug "3) Succeeded: " + Str(CkHttp::ckLastMethodSuccess(http))
; Remove our explicit SNI hostname.
CkHttp::setCkSniHostname(http, "")
; Now let's try wrong.host.badssl.com
; The SSL server certificate for badssl.com has 2 Subject Alternative Names:
;
; 1) DNS Name: *.badssl.com
; 2) DNS Name: badssl.com
; The domain wrong.host.badssl.com will fail the RequireHostnameMatch because
; the wildcarded domain SAN entry only extends 1 level deep.
html = CkHttp::ckQuickGetStr(http,"https://wrong.host.badssl.com/")
Debug "4) Succeeded: " + Str(CkHttp::ckLastMethodSuccess(http))
; The expected output is:
; 1) Succeeded: True
; 2) Succeeded: False
; 3) Succeeded: True
; 4) Succeeded: False
CkHttp::ckDispose(http)
ProcedureReturn
EndProcedure