I have 6.0 for the DigiConnect ME, and in the help file for the NASSLConnect function, I see this note:
This function does not check the certificate information passed to it by the server. It does not authenticate the server.
Has this been addressed in later revisions? Is this still true in 6.3 for instance? If it has been addressed, what must I do to update to the latest revision?
It is imperative I am able to authenticate the host as well as the host authenticate my app.
Also, I assume after using NASSLConnect, I will use the normal socket functions with the returned socket handle?
The behavior of SSL, in NET+OS 6.3 continues to be the same as 6.0. No server-side certificate verification is performed. There are no plans, at this point in time, to modify this behavior.
As for your socket related question, yes, on you have successfully called NASSLConnect you will use the standard socket calls, i.e. send, recv, etc.
This is very bad news indeed. Our application will need to make a secure connection to an HTTPS host application to process credit card transactions. There is no way we can get certified if it is possible to spoof the host, which is possible if the host certificate is not authorized.