Hi, a question about the SSL:
In SSL, the server certificate is checked by the
client as to whether the server actually holds the
private key of it. This is done by client sending the
session key signed by server's public key.
So, why there is a need for a check of domain name in
the server certificate? Shouldn't the above check be
enough?
Soner
____________________________________________________________________________________
Fussy? Opinionated? Impossible to please? Perfect. Join Yahoo!'s user panel
and lay it on us. http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
