Re: NameConstraints are not being applied (or I don't know how to enforce them?)

David Woodhouse Thu, 03 Jun 2010 17:33:04 -0700

On Thu, 2010-06-03 at 13:47 -0400, Victor Duchovni wrote:
> Generally, OpenSSL does not verify peer names, only the certificate
> trust chain, and peername checks are left up to applications.


Which is a shame... I'm far too stupid to be writing code like
http://git.infradead.org/users/dwmw2/openconnect.git?a=blob;f=ssl.c;hp=v2.25#l436
 for myself, and I would much rather have used a library function ;)

-- 
dwmw2

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Re: NameConstraints are not being applied (or I don't know how to enforce them?)

Reply via email to