Hi,
Does anyone know where in the certificate verification routine that it
checks the Common Name field against the device's interface IP
address?
Because the interface ip address may change at run time, it's preferred
to have the routine check the CN field against some constant value
instead
On Tue, Aug 15, 2006, Xie Grace Jingru-LJX001 wrote:
Hi,
Does anyone know where in the certificate verification routine that it
checks the Common Name field against the device's interface IP
address?
Because the interface ip address may change at run time, it's preferred
to have the
Hi,
Does anyone know where in the certificate verification routine that it
checks the Common Name field against the device's interface IP
address?
You want to check the CN against what the higher-level code intended to
connect to. The SSL library has no idea what the higher-level
David Schwartz wrote:
For example, if you try to connect to 'www.amazon.com' and the resolver
resolvers this to '72.21.206.5', you want to get a certificate for
'www.amazon.com'. A certificate for '72.21.206.5' would not prove to the
user that he reached 'www.amazon.com' because an
Verifying that you got the right certificate as opposed to a valid
certificate is outside the scope of what the SSL layer can do.
The key issue (pun intended) is possession of the associated private
key for the identity bound to the public key in the cert. If the
party possesses it,