On Wed, 2011-08-17 at 13:56 -0700, am am wrote:
> Thank you for the reply.
> Your point makes a lot of sense.
> But you are describing a security exploit.
> This begs the question: Does this mean that a certificate is not
> supposed to be issued (ever) to an IP i.e. CN=IP?

No, it does not. CN can be an IP. However, in this case one must always connect to the host by its IP in order for the hostname verification to succeed.

Oleg
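
The check described in the reply above, as an added example that is not part of the original message and is not any library's own code: a simplified verifier that compares the host string the client connected with against the certificate CN, with no DNS lookup. The function names and the sample subject are constructed for illustration.

```python
import ipaddress


def parse_ip(value):
    """Return an ip_address object if value is an IP literal, else None."""
    try:
        return ipaddress.ip_address(value.strip("[]"))
    except ValueError:
        return None


def common_name(subject_dn):
    """Extract the CN from a simple comma-separated subject DN string."""
    for part in subject_dn.split(","):
        key, _, value = part.strip().partition("=")
        if key.upper() == "CN":
            return value.strip()
    return None


def verify_host(connect_host, subject_dn):
    """Compare the host the client asked for with the certificate CN.

    No DNS lookup is done: only the string the client used to connect is
    checked, so a name that resolves to the certificate's IP still fails.
    """
    cn = common_name(subject_dn)
    if cn is None:
        return False
    host_ip, cn_ip = parse_ip(connect_host), parse_ip(cn)
    if host_ip is not None or cn_ip is not None:
        # At least one side is an IP literal: both must be the same address.
        return host_ip is not None and host_ip == cn_ip
    # Both sides are DNS names: case-insensitive match, trailing dot ignored.
    return connect_host.rstrip(".").lower() == cn.rstrip(".").lower()


# Constructed sample: certificate issued to an IP address (CN=IP).
SUBJECT = "CN=192.0.2.10, O=Example, C=US"

if __name__ == "__main__":
    for host in ("192.0.2.10", "server.example.test", "192.0.2.11"):
        print(host, "->", verify_host(host, SUBJECT))
```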
