-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Clem Taylor schrieb: > Hi, Hello Clem,
> It seems silly that the browser is putting so much trust > into DNS or an IP address. I'm hoping someone knows of a better > solution to this problem. No the other way around: It assumes the user want to access the host with a given host name. To test if he really has connected the host name, it tests if the certificate was issued for this host. If the name doesn't match, it assumes the host is not really the host the user wanted to connect. > Also, do common web browsers support multiple having multiple possible > common name entries in a subject? Most of the devices won't have DNS > names, but in the rare case that they do, I'd like to have the browser > not complain about using either the IP or the common name. For that you use the subjectAltName extension. It allows setting of multiple host names / IP addresses... Bye Goetz - -- DMCA: The greed of the few outweighs the freedom of the many -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFWuD/2iGqZUF3qPYRAqnOAJ9ItSSsIpsKfqChRRJNlVsggMFMOQCeJf4i ZFEq02TnVEv2f+xFwLxK89w= =QPR8 -----END PGP SIGNATURE----- ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
