Sorry, Richard. Maybe I didn't put it clearly. There r two names, one is from the certificate, another one is from DNS. They must match.
The other one is *not* from DNS, but from the *user* (step 1 from Lutz' list). The user wants to connect to a specific site, and the system has to ensure that it does, what the *user* wants. Therefore, get the FQDN from the *user* and ensure that the name from the certificate agrees with the FQDN from the *user*.
Ciao,
Richard
--
Dr. Richard W. Könning
Fujitsu Siemens Computers GmbH, EP LP COM 5
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
