|
Chilkat • HOME • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi DLL • Go • Java • Node.js • Objective-C • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(PureBasic) HTTPS Server Certificate Require Hostname MatchSee more HTTP ExamplesDemonstrates and explains the RequireHostnameMatch property.Note: This example requires Chilkat v11.0.0 or greater.
IncludeFile "CkHttp.pb" Procedure ChilkatExample() ; The RequireHostnameMatch property was added in Chilkat v11.0.0 ; to ensure the URL's hostname matches at least one of the server certificate SAN's (Subject Alternative Names) ; ; In actuality, it is the SNI hostname that must match. If the SNI hostname is not explicitly set, ; then Chilkat uses the hostname from the URL as the SNI hostname. ; Here's an example using chilkatsoft.com ; The SSL server certificate for chilkatsoft.com has 2 Subject Alternative Names: ; ; 1) DNS Name: *.chilkatsoft.com ; 2) DNS Name: chilkatsoft.com ; ; See Explaining the SNI Hostname in TLS http.i = CkHttp::ckCreate() If http.i = 0 Debug "Failed to create object." ProcedureReturn EndIf CkHttp::setCkRequireHostnameMatch(http, 1) ; This should succeed because "www.chilkatsoft.com" matches the SAN entry "*.chilkatsoft.com" html.s = CkHttp::ckQuickGetStr(http,"https://www.chilkatsoft.com/helloWorld.html") Debug "1) Succeeded: " + Str(CkHttp::ckLastMethodSuccess(http)) ; At the time of writing this example, the IP address for chilkatsoft.com is 3.101.18.47 ; If we send the request using the IP address, it will fail because the IP address is does ; not match any of the SAN entries in the server certificate. html = CkHttp::ckQuickGetStr(http,"https://3.101.18.47/helloWorld.html") Debug "2) Succeeded: " + Str(CkHttp::ckLastMethodSuccess(http)) ; However, it will succeed if we explicitly set the SNI hostname. CkHttp::setCkSniHostname(http, "www.chilkatsoft.com") html = CkHttp::ckQuickGetStr(http,"https://3.101.18.47/helloWorld.html") Debug "3) Succeeded: " + Str(CkHttp::ckLastMethodSuccess(http)) ; Remove our explicit SNI hostname. CkHttp::setCkSniHostname(http, "") ; Now let's try wrong.host.badssl.com ; The SSL server certificate for badssl.com has 2 Subject Alternative Names: ; ; 1) DNS Name: *.badssl.com ; 2) DNS Name: badssl.com ; The domain wrong.host.badssl.com will fail the RequireHostnameMatch because ; the wildcarded domain SAN entry only extends 1 level deep. html = CkHttp::ckQuickGetStr(http,"https://wrong.host.badssl.com/") Debug "4) Succeeded: " + Str(CkHttp::ckLastMethodSuccess(http)) ; The expected output is: ; 1) Succeeded: True ; 2) Succeeded: False ; 3) Succeeded: True ; 4) Succeeded: False CkHttp::ckDispose(http) ProcedureReturn EndProcedure |
||||
© 2000-2025 Chilkat Software, Inc. All Rights Reserved.