On Jan 3, 2013, at 3:56 PM, Dan Langille <d...@langille.org> wrote: > Comments? Ideas?
Hmm. When I wrote the documentation (or, at least, the article that was turned into the documentation), I may have been thinking that client->server communications would -always- verify the peer's certificate, and that 'TLS Verify Peer' would only be used to verify optional client certificates. Or, perhaps that was how I originally implemented it, and then it changed. It's been a long time. Either way, it certainly seems to be the case now that it controls verification of the "peer", regardless of whether the peer is a client or a server (in the TLS sense). My one concern is if the implementation is not automatically matching the certificate's CN against the supplied host name to which it is connecting, and instead relying on 'TLS Allowed CN'. -landonf ------------------------------------------------------------------------------ Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122412 _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
