Dixitur illum [EMAIL PROTECTED] scribere... >Does this still test for the hash of the cert in SSL_CERT_DIR? Since this is
Yes, of course - the CN is tested in a totally different step. If both (1) and (2) are fulfilled, then only the user is not warned. (1) - certificate is trusted (2) - certificate's CN matches hostname >It might be an idea to be able to toggle accepting wildcard certs or being >stricter on the matching of CN to hostname (if interested). I don't think so; in addition to that, only very few wildcart certificates exist, and I've never seen one where it's not for service aliases (eg. the * matches www,ftp,snews). >On Wed, 21 Jul 2004, Thorsten Glaser wrote: Please don't top-post and full-quote, it wastes everyone's traffic. Read http://www.afaik.de/usenet/faq/zitieren/ (it has got links to an English translation). //Thorsten -- Currently blocking eMail from the following domains: bigpond.com, biz, gmx.de, gmx.net, hotmail.com, info, jumpy.it, libero.it, name, netscape.net, postino.it, simplesnet.pt, spymac.com, tatanova.com, tiscali.co.uk, tiscali.cz, tiscali.de, tiscali.it, voila.fr, yahoo.co.uk, yahoo.com. _______________________________________________ Lynx-dev mailing list [EMAIL PROTECTED] http://lists.nongnu.org/mailman/listinfo/lynx-dev
