Hi,
in openssl 1.1 you add a new function X509_check_host, see also RT#2909.
In the current implementation it is incomplete and also wrong. The current
reference to hostname checking should be RFC 6125, which describes the
recommended general behavior and also the behavior for different
Hi, we get the following verification problem in our product, because
some servers like signin.ebay.de, comdirect.de or meine.deutsche-bank.de
add additional certicates to the chain, which are needed for some
clients but not for others. Unfortunatly these are not minor companies
and all of the