>From my experience with a Thawte certificate: I could use a
www.something.co.za certificate for
https, simap, spop and some other things as long as the name used by the
program requesting it, was www.something.co.za. The protocol and ports
did not matter at all.
Hope this helps.
Robert Sandilands
Marko Asplund wrote:
>
> On Mon, 21 Aug 2000, Lutz Jaenicke wrote:
>
> > ...
> > The browsers don't have the slightest idea on the "server name". The only
> > reliable information is the URL. A hostname being obtained by DNS lookup
> > may already be faked by someone tampering with your DNS servers (or packets).
> > A server name sent by the server itself is also not trustworthy.
> > If you want to connect to "https://www.my-bank.com", you want to be sure
> > to be connected to www.my-bank.com and not to "www.bandits.org", regardless
> > of any other server names/DNS entries...
>
> yes, but how is CommonName matched exactly? is it only matched against the
> hostname extracted from a URL? Thawte's web pages say that if
> CN=www.bandits.org this only matches to URLs that begin with
> https://www.bandits.org/. but what about e.g. imaps://www.bandits.org/ and
> https://www.bandits.org:3333/?
>
> --
> aspa
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
