On Wed, Jul 18, 2007 at 11:38:57AM -0700, Soner Sevin? wrote:

> Hi, a question about the SSL:
>
> In SSL, the server certificate is checked by the
> client as to whether the server actually holds the
> private key of it. This is done by client sending the
> session key signed by server's public key.

Every server passes this test given possession by the server of any
matching private/public key pair.

> So, why is there a need for a check of domain name in
> the server certificate? Shouldn't the above check be
> enough?

Because one wants to authenticate key exchange with a *specific* peer,
not just any peer which provides valid but not necessarily the expected
"proof of identity".

--
Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
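
The two checks discussed in the reply above, side by side, as an added example that is not part of the original post or of OpenSSL. The function names are hypothetical, the certificates are constructed dicts in the shape returned by Python's ssl.SSLSocket.getpeercert(), and chain validation is assumed to have already succeeded for both.

```python
# Added illustration; certificate dicts are constructed and follow the
# shape returned by Python's ssl.SSLSocket.getpeercert().

def dns_names(cert):
    """DNS names the certificate claims: subjectAltName, else commonName."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive match; '*' may only be the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*" and len(p) >= 3:
        # The wildcard covers exactly one label, never several.
        return p[1:] == h[1:]
    return p == h

def peer_is_expected(cert, proved_key_possession, expected_host):
    """Both checks are needed: the peer holds the certificate's key AND
    the certificate names the host the client meant to reach."""
    if not proved_key_possession:
        return False
    return any(name_matches(n, expected_host) for n in dns_names(cert))

# Constructed sample: both certificates are assumed to chain to a trusted
# CA, and each server holds the private key for its own certificate.
BANK = {"subject": ((("commonName", "www.bank.example"),),),
        "subjectAltName": (("DNS", "www.bank.example"),
                           ("DNS", "*.api.bank.example"))}
OTHER = {"subject": ((("commonName", "www.other.example"),),),
         "subjectAltName": (("DNS", "www.other.example"),)}

if __name__ == "__main__":
    # Both peers pass the key-possession test; only one is the peer
    # the client actually asked for.
    for label, cert in (("bank", BANK), ("other", OTHER)):
        print(label, peer_is_expected(cert, True, "www.bank.example"))
```

In a real Python client the name check is done by the ssl module itself when SSLContext.check_hostname is enabled.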