> Apologies in advance if this is a dumb question. I have tried several
> avenues before resorting to the mail list. I have made OpenSSL 0.9.3a for
> NT for non-RSA algorithms (EDH-DSA-DES-SHA is selected). The test
> programs (s_server and s_client) appear to run happily on the same machine
> with verify set to 1. I decided to test between machines and realized that
> the client is not checking the hostname of the server against the contents
> of the server certificate for validation. I say that because the verify
> callback provides a value of 1 (OK) coming in to the function. My
> understanding was that this check was inherent in server certificate
> authentication.
>
> I created the certificates being used with openssl.cnf as the template. Do
> I need to change something in the .cnf file to cause the certificate
> verification to check for a match between the peer hostname and the CN in
> the certificate? Is CN the correct field for this check? Is there a
> command parameter I have overlooked?
>
> Thanks in advance for any feedback on this question.
>
> Phil Burgard
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
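
The check the question asks about, comparing the hostname the client meant to reach with a name taken from the server certificate, written as an added example (not part of the original post and not OpenSSL code). It assumes the application has already extracted the CN or dNSName bytes and their length from the peer certificate; `host_matches_cert_name` is a hypothetical helper, and only DNS names (no IP addresses) are handled.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive compare of exactly n bytes (DNS names are ASCII). */
static int eq_nocase(const char *a, const char *b, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Return 1 if host matches cert_name, else 0. cert_name_len is the length
 * stored in the certificate's ASN.1 string (an assumption of this example),
 * so a NUL byte inside the name cannot cut the comparison short.
 * Hypothetical helper for illustration. */
int host_matches_cert_name(const char *cert_name, size_t cert_name_len,
                           const char *host)
{
    size_t host_len = strlen(host), suffix_len;
    const char *dot;

    /* Empty names and names with an embedded NUL never match. */
    if (cert_name_len == 0 || host_len == 0 ||
        memchr(cert_name, '\0', cert_name_len) != NULL)
        return 0;
    if (cert_name_len == host_len && eq_nocase(cert_name, host, host_len))
        return 1;                       /* exact match */

    /* Wildcard: "*" only as the whole left-most label, two labels after it. */
    if (cert_name_len < 3 || cert_name[0] != '*' || cert_name[1] != '.' ||
        memchr(cert_name + 1, '*', cert_name_len - 1) != NULL ||
        memchr(cert_name + 2, '.', cert_name_len - 2) == NULL)
        return 0;
    dot = strchr(host, '.');            /* end of the host's first label */
    if (dot == NULL || dot == host)
        return 0;
    suffix_len = host_len - (size_t)(dot - host);
    return suffix_len == cert_name_len - 1 &&
           eq_nocase(dot, cert_name + 1, suffix_len);
}

int main(void)
{
    /* Constructed sample names, not taken from the post. */
    printf("%d\n", host_matches_cert_name("*.example.com", 13, "www.example.com"));
    return 0;
}
```
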