Tat,

Well, did you write the client and put such a check in?

That is what clients such as IE and Netscape do. These clients check the CN
of the cert (and maybe the subjectAltDNSName??) to verify that it matches
exactly what the user typed in. For example, if I type into IE
https://www.verisign.com IE will check the server cert and discover that the
hostname matches and load the page without complaint. If I type instead
https://205.139.94.60 it will rightly complain.

There are some exceptions to this rule for wildcarded domain names, but I am
not sure what the exact rules are.

_____________________________________
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_____________________________________



----- Original Message -----
From: "Tat Sing Kong" <[EMAIL PROTECTED]>
To: "openssl" <[EMAIL PROTECTED]>
Sent: Tuesday, April 03, 2001 12:20 PM
Subject: Certificate checking domain name


>
> All,
>
> I heard somewhere that sometimes the client checks that the machine/domain
> name in the server cert matches the actual machine/domain name it has
> contacted.  Is this true?  How do I set up such a cert?
>
> My handshaking is dumping me out, I can only guess that this is the
> reason.
>
> Tat.
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
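
The hostname check described in this reply, as an added example (not code from the thread, from OpenSSL, or from any browser). The function names are hypothetical, and the wildcard rule is the RFC 6125 style one (a `*` as the whole left-most label, matching exactly one label), assumed here because the thread does not state the rule.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Case-insensitive equality of two names. */
static int ieq(const char *a, const char *b) {
    while (*a && *b) {
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
        a++; b++;
    }
    return *a == '\0' && *b == '\0';
}

/* True if s consists only of digits and dots (dotted IPv4 literal). */
static int is_ipv4_literal(const char *s) {
    if (!*s) return 0;
    for (; *s; s++)
        if (!isdigit((unsigned char)*s) && *s != '.') return 0;
    return 1;
}

/* Match one certificate name (CN or DNS subjectAltName) against the host
 * the user typed. Wildcard rule is an assumption of this example:
 * "*" must be the entire left-most label and stands for exactly one label. */
int name_matches(const char *cert_name, const char *host) {
    if (is_ipv4_literal(host))          /* IP literal: exact match only */
        return ieq(cert_name, host);
    if (strncmp(cert_name, "*.", 2) != 0)
        return ieq(cert_name, host);    /* plain name: exact match only */
    const char *suffix = cert_name + 1;             /* ".example.com" */
    if (strchr(suffix + 1, '.') == NULL) return 0;  /* reject "*.com" */
    if (strchr(suffix, '*') != NULL) return 0;      /* one wildcard only */
    const char *dot = strchr(host, '.');
    if (dot == NULL || dot == host) return 0;       /* need a first label */
    return ieq(suffix, dot);            /* rest of host must equal suffix */
}

/* Accept if any name presented by the certificate matches the host. */
int cert_matches_host(const char *const names[], size_t n, const char *host) {
    for (size_t i = 0; i < n; i++)
        if (name_matches(names[i], host)) return 1;
    return 0;
}
```

A client that skips this comparison accepts any certificate its trust store validates, regardless of which server presented it.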
