- Feature Request
- Resolution: Done
- Major
- 4.0.5
- None
In SSL_KEY_EXCHANGE, when an SSL session has been established, we're sure that the credentials of the server and client are OK.
However, an additional check might be required, e.g. that the CN in the peer's certificate always matches a given pattern, or that the org is always "IBM" (for example).
If this is not the case, terminate the SSL connection.
Todo: add the fully qualified name of a class and an argument (e.g. the pattern). An instance of the class will be created and initialized with the pattern. When an SSL session has been created (connect() on the client, accept() on the server), the verify() method in the instance is called and it needs to throw a SecurityException if the session cannot be accepted.
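A sketch of such a verifier, as an added example that is not code from this issue or from the project: it rejects the session unless the CN of the peer's leaf certificate matches a regular expression. The class name `CnPatternVerifier`, its constructor argument and the helper `commonName()` are assumptions made for illustration; only `verify()` and `SecurityException` come from the description above.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.regex.Pattern;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

/** Hypothetical verifier; the class name and constructor argument are assumptions. */
public class CnPatternVerifier {
    private final Pattern cnPattern;

    public CnPatternVerifier(String pattern) {
        this.cnPattern = Pattern.compile(pattern);
    }

    /** Called once the session exists (after connect()/accept()); throws to reject it. */
    public void verify(SSLSession session) throws SecurityException {
        Certificate[] chain;
        try {
            chain = session.getPeerCertificates();   // leaf certificate is chain[0]
        } catch (SSLPeerUnverifiedException e) {
            // e.g. the server did not require client authentication
            throw new SecurityException("peer presented no verified certificate", e);
        }
        if (chain.length == 0 || !(chain[0] instanceof X509Certificate))
            throw new SecurityException("peer certificate is not X.509");
        String cn = commonName((X509Certificate) chain[0]);
        // matches() anchors the pattern to the whole CN, so a pattern cannot
        // be satisfied by a substring of a longer, unrelated name
        if (cn == null || !cnPattern.matcher(cn).matches())
            throw new SecurityException("peer CN '" + cn + "' does not match " + cnPattern);
    }

    /** Parses the subject DN as RDNs so "CN=" embedded in another attribute is ignored. */
    static String commonName(X509Certificate cert) {
        try {
            LdapName dn = new LdapName(cert.getSubjectX500Principal().getName());
            for (Rdn rdn : dn.getRdns())
                if ("CN".equalsIgnoreCase(rdn.getType()))
                    return rdn.getValue().toString();
        } catch (InvalidNameException e) {
            throw new SecurityException("unparseable subject DN", e);
        }
        return null; // no CN attribute present
    }
}
```

The caller is expected to close the socket when `verify()` throws, which is the "terminate the SSL connection" step described above.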