I am trying to verify certificates using openssl. I verified the certificate chain itself and I want to check if the subject of the certificate matches the server name from the SSL field.
My code runs over the ssl sessions, First I want to extracted the server name from the packet (for this purpose I’m trying to use
ssl.handshake.extensions_server_name field in tshark) and check it against the domains in the output of the command
openssl x509 -text -noout cert.pem under the title: “X509v3 Subject Alternative Name”.
It worked good on my test files, but while running the code on large file, it seems that there are ssl sessions that has no packet with the mentioned field (even though the browser didn’t alert anything).
how can I still verify the name of the server ?
My question is - How is it possible that the server name is not included in the handshake? And when such situation happens, how can I get a name that is supposed to be verified against the one in the certificate?
Pastebin of a certificate in which i have seen the problem (happens in another different cases) https://pastebin.com/QehLJjLX
Thank you !