Hi,
when using TOG-Pegasus client library and trying to connect to cimserver via SSL, I came across this issue:
TOG-Pegasus does *not* verify server's certificate in terms of matching subject's Common Name, subject's Alternative Names (if x509v3 used). To be able to properly verify, who we are talking to, I made some changes to mentioned client's library [1]:
1. user is able to pass his own data via void-pointer 2. user is able to get Subject's Common Name in verification callback 3. user is able to get Subject's Alternative Names (if x509v3 used)
For a simple example, see [1].
I could not find reasonable way, how to implement a default verification callback in the library (as pywbem does).
Feel free to comment.
[1] http://bugzilla.openpegasus.org/show_bug.cgi?id=9848
openlmi-devel@lists.fedorahosted.org