Also, when this happens in a browser there will be security warnings, but the user can still bypass it. With automated systems this is harder to do, there may be an option with the underlying SSL provider on the platform being used to perform a similar bypass (since the browser can bypass it and they almost always use the same subsystems)
> On Nov 19, 2018, at 1:47 PM, Robert Engels <[email protected]> wrote: > > The certificate has the domain in it. So, think of the reverse. Someone > highjacks the domain and uses a bogus certificate (valid but not for the real > company) If the two weren’t linked there would be no way to stop this (as the > certificate is still valid) > By linking the certificate and the domain it is that much harder to break - > both need to be compromised. > >> On Nov 19, 2018, at 1:42 PM, solomon lifshits <[email protected]> wrote: >> >> Thank you for reply. The only thing I am trying to "bypass" is the DNS >> resolution, so could you please elaborate how DNS resolution contributes to >> SSL security? >> >>> On Monday, November 19, 2018 at 2:06:31 PM UTC-5, Robert Engels wrote: >>> I’m pretty sure what you are asking breaks the security of using SSL... the >>> certificates are issued to a domain for that reason, otherwise any valid >>> certificate would be acceptable to the caller. >>> >>>> On Nov 19, 2018, at 12:33 PM, solomon lifshits <[email protected]> wrote: >>>> >>>> Since the function SetSslTargetNameOverride is marked as test only, I am >>>> asking whether there is any "legal" alternative to connect to a server >>>> with specific IP address, while using a host name for server name >>>> indication? Any possibility for forced resolution of a hostname? If a tls >>>> certificate is issued for a hostname, but an rpc call has to be done on >>>> specific machine? Any ideas? Thanks in advance! >>>> -- >>>> You received this message because you are subscribed to the Google Groups >>>> "grpc.io" group. >>>> To unsubscribe from this group and stop receiving emails from it, send an >>>> email to [email protected]. >>>> To post to this group, send email to [email protected]. >>>> Visit this group at https://groups.google.com/group/grpc-io. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/grpc-io/c5c3c642-1317-41fe-afd4-d7ff8c117585%40googlegroups.com. >>>> For more options, visit https://groups.google.com/d/optout. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "grpc.io" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To post to this group, send email to [email protected]. >> Visit this group at https://groups.google.com/group/grpc-io. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/grpc-io/14e8e820-3e37-471c-95f8-de2027ae3ef8%40googlegroups.com. >> For more options, visit https://groups.google.com/d/optout. > -- > You received this message because you are subscribed to the Google Groups > "grpc.io" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/grpc-io. > To view this discussion on the web visit > https://groups.google.com/d/msgid/grpc-io/251287BC-A2B9-44B7-834C-85BA4EFB7D94%40earthlink.net. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/grpc-io. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/149D6A0C-CD3A-424B-8DCA-F85C276F1EB6%40earthlink.net. For more options, visit https://groups.google.com/d/optout.
