My question is related to the TLS implementation of XMPP client functionality.

As you know, an XMPP domain may have more than one server handling c2s connections. Perhaps that is the original reason why, when a client connects to a server via TLS, it checks whether the SSL cert is issued in the domain name, not the server name; that way a domain can use one SSL certificate on all servers.

In the opposite case of one server handling multiple virtual domains, this is undesirable, since otherwise one cert suffices.

Moreover, assuming DNS is safe (a big assumption in the past, and some will say now), should the client not do a DNS lookup and then use the server cert to verify its authenticity?

Just curious in general about how XMPP client authors decide to check the domain name against the SSL certificate.

I have tested Adium, iChat (Mac), Psi, Empathy (Ubuntu Linux), iChat (Mac), Beem (Android), in addition to Pidgin on Windows and Linux.

TLS implementations of HTTP/SMTP/IMAP/POP do not work like XMPP in this regard.
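The check described in the post, as an added example (not part of the original post and not code from any of the clients named): the certificate is compared with the domain part of the JID, and the host name obtained from the DNS lookup takes no part in the decision. The certificate dictionaries are constructed in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, all names are hypothetical, and only dNSName entries are considered.

```python
# Constructed sample certificates; every name below is hypothetical.
CERT_FOR_DOMAIN = {"subjectAltName": (("DNS", "example.org"),)}
CERT_FOR_HOST = {"subjectAltName": (("DNS", "xmpp1.example.org"),)}
CERT_WILDCARD = {"subjectAltName": (("DNS", "*.example.org"),)}
CERT_VHOSTS = {"subjectAltName": (("DNS", "example.org"), ("DNS", "example.net"))}


def dns_names(cert):
    """Return the normalised dNSName entries of a getpeercert()-style dict."""
    return [value.lower().rstrip(".")
            for kind, value in cert.get("subjectAltName", ())
            if kind == "DNS"]


def name_matches(pattern, reference):
    """Compare one certificate name with a reference identity.

    A wildcard is honoured only as the complete left-most label and
    never stands in for more than one label.
    """
    p = pattern.split(".")
    r = reference.lower().rstrip(".").split(".")
    if len(p) != len(r):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == r[1:]
    return p == r


def covered_identities(cert, jid_domain, server_host):
    """Report which of the two candidate identities the certificate covers."""
    names = dns_names(cert)
    return {
        "domain": any(name_matches(n, jid_domain) for n in names),
        "server": any(name_matches(n, server_host) for n in names),
    }


def client_accepts(cert, jid_domain, server_host):
    """Behaviour described in the post: only the domain match decides."""
    return covered_identities(cert, jid_domain, server_host)["domain"]


if __name__ == "__main__":
    # One domain certificate presented by two different c2s servers.
    for host in ("xmpp1.example.org", "xmpp2.example.org"):
        print(host, client_accepts(CERT_FOR_DOMAIN, "example.org", host))
    # A certificate naming only the server is rejected by the domain check.
    print(covered_identities(CERT_FOR_HOST, "example.org", "xmpp1.example.org"))
```

`CERT_VHOSTS` models the virtual-hosting case from the post: one server passes the domain check for several domains only if its certificate lists each of them.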
