> While I agree with the other points: > OpenSSL itself does not contain any code to performs these checks: > therefore it does not do it wrong but it also does not do it right; > it doesn't do anything :-) > > Best regards, > Lutz
Lutz is right. I've been looking at so much Open* software lately that I swapped OpenSSL with OpenLDAP. It is OpenLDAP that checks the server identity in proper conformance to the TLS specification. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
