On Mon, Aug 21, 2000 at 12:55:42PM +0300, Marko Asplund wrote:
> i'm a bit confused by this message. the common name field in the
> certificate signing request is CN=puppa.huuhaa.org. how can it be that
> browsers would give name mismatch warnings if the URL used is not
> https://puppa.huuhaa.org/? don't browsers match server name against the
> certificate's CN field's value and not the URL through which the server is
> accessed?

The browsers don't have the slightest idea on the "server name". The only
reliable information is the URL. A hostname being obtained by DNS lookup
may already be faked by someone tampering with your DNS servers (or packets).
A server name sent by the server itself is also not trustworthy.

If you want to connect to "https://www.my-bank.com", you want to be sure
to be connected to www.my-bank.com and not to "www.bandits.org", regardless
of any other server names/DNS entries...

Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
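
The check described in the reply above, as an added example that is not part of the original thread or of OpenSSL: the reference name is taken from the URL only and compared with the names in the certificate. It goes beyond the CN case discussed here by also handling subjectAltName and wildcard entries; the certificate dicts are constructed samples in the shape Python's `ssl.SSLSocket.getpeercert()` returns, and `192.0.2.10` is a placeholder address.

```python
from urllib.parse import urlsplit

def reference_host(url):
    """The name to verify comes from the URL the user asked for, nothing else
    (not from DNS answers, not from anything the server says about itself)."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError("URL has no host: %r" % url)
    return host.rstrip(".").lower()

def presented_names(cert):
    """DNS names from a getpeercert()-shaped dict. subjectAltName dNSName
    entries take precedence; the subject CN is only the fallback."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive label-by-label match. '*' is accepted only as the
    complete left-most label and never directly under a top-level domain."""
    p = pattern.rstrip(".").lower().split(".")
    h = host.split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return h[0] != "" and p[1:] == h[1:]
    return p == h

def url_matches_cert(url, cert):
    host = reference_host(url)
    return any(name_matches(n, host) for n in presented_names(cert))

# Constructed sample certificates (names taken from the thread).
CERT_PUPPA = {"subject": ((("commonName", "puppa.huuhaa.org"),),)}
CERT_BANDITS = {"subject": ((("commonName", "www.bandits.org"),),)}
CERT_WILD = {"subject": ((("commonName", "ignored.example"),),),
             "subjectAltName": (("DNS", "*.huuhaa.org"),)}

if __name__ == "__main__":
    for url, cert in [("https://puppa.huuhaa.org/", CERT_PUPPA),
                      ("https://192.0.2.10/", CERT_PUPPA),   # same server by IP
                      ("https://www.my-bank.com/", CERT_BANDITS)]:
        verdict = "ok" if url_matches_cert(url, cert) else "NAME MISMATCH"
        print(url, "->", verdict)
```

Reaching the same server through any URL whose host is not `puppa.huuhaa.org` (an IP address, an alias) yields a mismatch, which is the warning the original question asks about.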