On Mon, Nov 19, 2012, Kurt Roeckx wrote:

> On Wed, Nov 07, 2012 at 03:47:11PM +0100, Florian Weimer wrote:
> > Hi,
> >
> > the attached patch implements wildcard matching and introduces the
> > X509_CHECK_FLAG_NO_WILDCARDS flag to disable it if necessary.
> >
> > In addition, it implements case-insensitive comparison of host names
> > and email address domain parts, as required by RFC 5280. Domain
> > names and email addresses which contain NUL characters are now
> > rejected, to cope with some mis-issued certificates.
>
> It would be nice if s_client would also do the hostname check.
>

There is an option -checkhost in s_client that does this, though currently you have to explicitly pass the hostname to check as an argument.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
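The three checks described in the quoted patch summary (wildcard matching with an opt-out flag, case-insensitive comparison, rejection of names containing NUL) can be sketched as follows. This is an added example, not part of the thread and not the patch or OpenSSL's own code: `demo_match_host`, `DEMO_NO_WILDCARDS` and the wildcard rule it applies (a `*` only as the whole leftmost label) are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical local flag standing in for X509_CHECK_FLAG_NO_WILDCARDS. */
#define DEMO_NO_WILDCARDS 0x1u

/* Compare n bytes ignoring ASCII case. */
static int equal_nocase(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/*
 * name/name_len: a dNSName as stored in the certificate. ASN.1 strings carry
 * an explicit length, so the bytes may include NUL. host: the name the
 * client intended to reach. Returns 1 on match, 0 otherwise.
 */
int demo_match_host(const char *name, size_t name_len,
                    const char *host, unsigned int flags)
{
    size_t host_len = strlen(host);
    const char *dot;
    size_t rest;

    /* Reject names with an embedded NUL; a C-string compare would stop there. */
    if (name_len == 0 || memchr(name, '\0', name_len) != NULL)
        return 0;
    /* Exact match, case-insensitive. */
    if (name_len == host_len && equal_nocase(name, host, name_len))
        return 1;
    if (flags & DEMO_NO_WILDCARDS)
        return 0;
    /* Assumed wildcard rule: "*" must be the entire leftmost label. */
    if (name_len < 3 || name[0] != '*' || name[1] != '.')
        return 0;
    /* Refuse patterns such as "*.com" whose suffix has no further dot. */
    if (memchr(name + 2, '.', name_len - 2) == NULL)
        return 0;
    dot = strchr(host, '.');
    if (dot == NULL || dot == host)
        return 0;                    /* host needs a non-empty first label */
    rest = host_len - (size_t)(dot - host);   /* suffix length, dot included */
    return rest == name_len - 1 && equal_nocase(name + 1, dot, rest);
}
```

With these rules, `demo_match_host("*.example.com", 13, "WWW.example.com", 0)` returns 1, and the same call with `DEMO_NO_WILDCARDS` returns 0.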