|
Chilkat • HOME • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi DLL • Go • Java • Node.js • Objective-C • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(SQL Server) HTTPS Server Certificate Require Hostname MatchSee more HTTP ExamplesDemonstrates and explains the RequireHostnameMatch property.Note: This example requires Chilkat v11.0.0 or greater.
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls. -- CREATE PROCEDURE ChilkatSample AS BEGIN DECLARE @hr int DECLARE @iTmp0 int -- The RequireHostnameMatch property was added in Chilkat v11.0.0 -- to ensure the URL's hostname matches at least one of the server certificate SAN's (Subject Alternative Names) -- -- In actuality, it is the SNI hostname that must match. If the SNI hostname is not explicitly set, -- then Chilkat uses the hostname from the URL as the SNI hostname. -- Here's an example using chilkatsoft.com -- The SSL server certificate for chilkatsoft.com has 2 Subject Alternative Names: -- -- 1) DNS Name: *.chilkatsoft.com -- 2) DNS Name: chilkatsoft.com -- -- See Explaining the SNI Hostname in TLS DECLARE @http int -- Use "Chilkat_9_5_0.Http" for versions of Chilkat < 10.0.0 EXEC @hr = sp_OACreate 'Chilkat.Http', @http OUT IF @hr <> 0 BEGIN PRINT 'Failed to create ActiveX component' RETURN END EXEC sp_OASetProperty @http, 'RequireHostnameMatch', 1 -- This should succeed because "www.chilkatsoft.com" matches the SAN entry "*.chilkatsoft.com" DECLARE @html nvarchar(4000) EXEC sp_OAMethod @http, 'QuickGetStr', @html OUT, 'https://www.chilkatsoft.com/helloWorld.html' EXEC sp_OAGetProperty @http, 'LastMethodSuccess', @iTmp0 OUT PRINT '1) Succeeded: ' + @iTmp0 -- At the time of writing this example, the IP address for chilkatsoft.com is 3.101.18.47 -- If we send the request using the IP address, it will fail because the IP address is does -- not match any of the SAN entries in the server certificate. EXEC sp_OAMethod @http, 'QuickGetStr', @html OUT, 'https://3.101.18.47/helloWorld.html' EXEC sp_OAGetProperty @http, 'LastMethodSuccess', @iTmp0 OUT PRINT '2) Succeeded: ' + @iTmp0 -- However, it will succeed if we explicitly set the SNI hostname. EXEC sp_OASetProperty @http, 'SniHostname', 'www.chilkatsoft.com' EXEC sp_OAMethod @http, 'QuickGetStr', @html OUT, 'https://3.101.18.47/helloWorld.html' EXEC sp_OAGetProperty @http, 'LastMethodSuccess', @iTmp0 OUT PRINT '3) Succeeded: ' + @iTmp0 -- Remove our explicit SNI hostname. EXEC sp_OASetProperty @http, 'SniHostname', '' -- Now let's try wrong.host.badssl.com -- The SSL server certificate for badssl.com has 2 Subject Alternative Names: -- -- 1) DNS Name: *.badssl.com -- 2) DNS Name: badssl.com -- The domain wrong.host.badssl.com will fail the RequireHostnameMatch because -- the wildcarded domain SAN entry only extends 1 level deep. EXEC sp_OAMethod @http, 'QuickGetStr', @html OUT, 'https://wrong.host.badssl.com/' EXEC sp_OAGetProperty @http, 'LastMethodSuccess', @iTmp0 OUT PRINT '4) Succeeded: ' + @iTmp0 -- The expected output is: -- 1) Succeeded: True -- 2) Succeeded: False -- 3) Succeeded: True -- 4) Succeeded: False EXEC @hr = sp_OADestroy @http END GO |
||||
© 2000-2025 Chilkat Software, Inc. All Rights Reserved.