Tcl
Tcl
Require SSL Server Certificate Domain Match
See more HTTP Examples
Demonstrates how to require that the SSL server certificate's domain matches the intended domain.Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
# This example assumes the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
set http [new_CkHttp]
# Call SetSslCertRequirement to require that the SSL server certificate's domain
# matches only the domain we are intending to communicate with.
# In this example we will test with the URL https://wrong.host.badssl.com/
# which intentionally has an SSL certificate that does not match "wrong.host.badssl.com"
CkHttp_SetSslCertRequirement $http "SAN" "wrong.host.badssl.com"
# Also validate the server cert..
CkHttp_put_RequireSslCertVerify $http 1
# Try sending the request. It should fail within the SSL/TLS handshake
# because the server's certificate does not match the domain "wrong.host.badssl.com"
set html [CkHttp_quickGetStr $http "https://wrong.host.badssl.com/"]
if {[CkHttp_get_LastMethodSuccess $http] == 0} then {
puts [CkHttp_lastErrorText $http]
} else {
puts "Unexpected success."
}
delete_CkHttp $http