Hi Richard,

In your case, it is the client that wants to check the server. I know it is common to check the server's location. But now I want to check the client as well. The server doesn't know where the client comes from, so the server needs to get the client's IP address and then its FQDN.

I think this problem is security model related. If your client's location is very flexible, from one domain to another, then we can't check it based on where it is from. In this case, maybe you can create a list of the client's legitimate locations.

Ciao
Jacky

----- Original Message -----
From: "Richard Koenning" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, July 23, 2003 10:20 AM
Subject: Re: FQDN

> Jue (Jacky) Shu wrote:
> > Sorry, Richard.
> > Maybe I didn't put it clearly.
> > There are two names, one is from the certificate, another one is from DNS.
> > They must match.
>
> The other one is *not* from DNS, but from the *user* (step 1 from Lutz'
> list). The user wants to connect to a specific site, and the system has
> to ensure that it does what the *user* wants. Therefore, get the FQDN
> from the *user* and ensure that the name from the certificate agrees
> with the FQDN from the *user*.
> Ciao,
> Richard
> --
> Dr. Richard W. Könning
> Fujitsu Siemens Computers GmbH, EP LP COM 5
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
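
The check described in the quoted message (compare the certificate's name with the name the user asked for, not with a name obtained from DNS), as an added example that is not part of the thread and not OpenSSL code. The certificates, hostnames and function names are constructed for illustration, and chain validation is assumed to have already succeeded.

```python
# Added example; certificates and hostnames are constructed sample data.
# Dict layout follows what Python's ssl.SSLSocket.getpeercert() returns.

def dns_name_matches(pattern, hostname):
    """Match one certificate dNSName against the reference hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # A wildcard covers exactly one left-most label and needs at
        # least two fixed labels after it (so "*.com" never matches).
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_names(cert):
    """dNSName entries from subjectAltName; subject CN only if none exist."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def verify_peer(reference_name, cert):
    """True if the certificate is valid for the reference name."""
    return any(dns_name_matches(n, reference_name) for n in cert_names(cert))

# Constructed certificates, both assumed to chain to a trusted CA.
CERT_COM = {"subject": ((("commonName", "www.example.com"),),),
            "subjectAltName": (("DNS", "www.example.com"),
                               ("DNS", "*.shop.example.com"))}
CERT_NET = {"subject": ((("commonName", "www.example.net"),),),
            "subjectAltName": (("DNS", "www.example.net"),)}

def demo():
    user_wants = "www.example.com"   # the name the user asked to connect to
    dns_says = "www.example.net"     # constructed: name DNS returned for the peer
    return {
        "user_name, right cert": verify_peer(user_wants, CERT_COM),
        "user_name, other cert": verify_peer(user_wants, CERT_NET),
        # Wrong check: a name taken from DNS agrees with whatever
        # certificate the answering host happens to hold.
        "dns_name, other cert": verify_peer(dns_says, CERT_NET),
    }

if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'accept' if ok else 'reject'}")
```
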