[EMAIL PROTECTED] wrote: > > I created a cert with the host name known as www.evilempire.com > and netscape was quite happy to accept it and never reported that > the URL I typed in does not match the name carried within the cert. You're wrong. Even those old Netscape Navigator 4.0x certainly asks if the host name component of the URL does not match CN attribute of the server cert. There was a bug in Netscape browser (4.72 and earlier version) related to session caching. Maybe this is what you're experiencing. (But I doubt it.) Compare with: http://www.cert.org/advisories/CA-2000-05.html http://www.cert.org/advisories/CA-2000-08.html Ciao, Michael. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
