SSL: Verify certificate chain, but not peer host name

Posted Tue, 17 Jun 2014 23:53:56 GMT

Hi,

The title says it all – I'm using SSL streams, and want to verify that the peer certificate is trusted (has a valid certificate chain to a trusted root CA), but don't want to check the host name/address against the X.509 info.

This is handy if you just want to (mis)use client certificates to both authenticate and securely tunnel RPC calls, but you don't actually care about the client host name (it might not even have one) and/or IP address.

Is this possible using the new – and otherwise of course much improved from my half-baked attempt! – certificate validation interface?

Best,
David