On Wed, Nov 07, 2012 at 03:47:11PM +0100, Florian Weimer wrote: > Hi, > > the attached patch implements wildcard matching and introduces the > X509_CHECK_FLAG_NO_WILDCARDS flag to disable it if necessary. > > In addition, it implements case-insensitive comparison of host names > and email address domain parts, as required by RFC 5280. Domain > names and email addresses which contain NUL characters are now > rejected, to cope with some mis-issued certificates.
It would be nice if s_client would also did the hostname check. Kurt ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
