I am using MbedTLS client code based on this:
https://github.com/machinezone/IXWebSocket/blob/master/ixwebsocket/IXSocketM...
I am connecting to a server via its URL. However, I would like to connect directly using an IP address returned from running the traceroute command on the URL.
So I replaced the URL with the IP address. However, MbedTLS fails on the handshake:
https://github.com/machinezone/IXWebSocket/blob/master/ixwebsocket/IXSocketM...
I get the error:
"error in handshake : X509 - Certificate verification failed, e.g. CRL, CA or signature check failed"
If I revert back to URL, it works. The IP address does exist.
How can I connect using the IP address, instead of the URL?
Apologies, it's this line number which is failing:
https://github.com/machinezone/IXWebSocket/blob/master/ixwebsocket/IXSocketM...
It's the same MbedTLS line:
res = mbedtls_ssl_handshake(&_ssl);
but it's when I am connecting.
TLS/HTTPS has to validate that the certificate has the name which you told it to connect to. For DNS names, that works. For IP addresses, that often does not work, because the certificate does not have the IP address in the subjectAltName. (It can be done.)
The question is really, why do you want to connect by IP? That just makes your life significantly harder.
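The name check described in the reply above, as an added example that is not part of the thread and is not Mbed TLS or IXWebSocket code: a simplified model of matching the requested name against a certificate's subjectAltName entries. The types, helper names and sample certificates are constructed for illustration, and only IPv4 literals and single-label wildcards are handled.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
/* Constructed model of subjectAltName entries (not Mbed TLS types). */
enum san_type { SAN_DNS, SAN_IP };
struct san { enum san_type type; const char *value; };

static int eq_nocase(const char *a, const char *b) {
    while (*a && *b && tolower((unsigned char)*a) == tolower((unsigned char)*b)) { a++; b++; }
    return *a == '\0' && *b == '\0';
}

/* Hypothetical helper: is the requested name a dotted IPv4 literal? */
static int is_ipv4_literal(const char *s) {
    unsigned a, b, c, d; char tail;
    return sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &tail) == 4
        && a < 256 && b < 256 && c < 256 && d < 256;
}

/* dNSName match: case-insensitive; "*." covers exactly one left-most label. */
static int dns_matches(const char *pattern, const char *name) {
    if (strncmp(pattern, "*.", 2) == 0) {
        const char *dot = strchr(name, '.');
        return dot != NULL && dot != name && eq_nocase(pattern + 1, dot);
    }
    return eq_nocase(pattern, name);
}

/* Returns 1 when the name the client asked for is covered by the certificate. */
int name_is_covered(const struct san *sans, size_t n, const char *expected) {
    int want_ip = is_ipv4_literal(expected);
    for (size_t i = 0; i < n; i++) {
        if (want_ip && sans[i].type == SAN_IP && strcmp(sans[i].value, expected) == 0)
            return 1;   /* an IP literal only matches an iPAddress entry */
        if (!want_ip && sans[i].type == SAN_DNS && dns_matches(sans[i].value, expected))
            return 1;   /* a host name only matches a dNSName entry */
    }
    return 0;
}

/* Constructed sample certificates. */
static const struct san dns_only[] = { { SAN_DNS, "example.com" }, { SAN_DNS, "*.example.com" } };
static const struct san with_ip[]  = { { SAN_DNS, "example.com" }, { SAN_IP, "192.0.2.10" } };

int main(void) {
    printf("DNS-only cert, IP requested:   %d\n", name_is_covered(dns_only, 2, "192.0.2.10"));
    printf("DNS-only cert, name requested: %d\n", name_is_covered(dns_only, 2, "ws.example.com"));
    return 0;
}
```

In Mbed TLS the expected name is the one given to `mbedtls_ssl_set_hostname()`, which is independent of the address passed to `mbedtls_net_connect()`, so a client can open the TCP connection to the IP address while still verifying the certificate against the DNS name.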
I forgot to say: I want to force the ciphersuite to be TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
and I am using TLS 1.2
mbed-tls@lists.trustedfirmware.org