On Tue, 10 May 2005, Hrvoje Niksic wrote:
> curl contains much more elaborate code in ssluse.c:verifyhost(). Although I'm not sure Wget requires an exact replica of curl's logic, *some* check seems necessary, especially since we claim to verify the server's certificate by default.
It does require a replica, exact or not.
If you verify a server certificate, you must make sure the commonName field matches the host name you communicate with (including wildcards).
Then add the subjectAltName fields to the mix and you get a fair amount of code to write. I believe RFC2818 details this.
-- -=- Daniel Stenberg -=- http://daniel.haxx.se -=- ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol
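
The check discussed in this thread, as an added example that is not part of the original e-mail and is not curl's or Wget's code: a host name matcher that follows the RFC 2818 ordering (dNSName subjectAltName entries first, commonName only when there are none). The function names are hypothetical, the certificate names are assumed to be already extracted by the TLS library, and wildcards are narrowed to a whole leftmost label, which is stricter than RFC 2818's "f*.com" form.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Case-insensitive equality; DNS names compare without regard to case. */
static int eq_nocase(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;                      /* both strings ended together */
}

/* Match one certificate name against the host the client connected to.
 * Assumes the caller already rejected names with embedded NUL bytes
 * (ASN.1 length != strlen), since C strings would truncate them. */
static int match_pattern(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) != 0)
        return eq_nocase(pattern, host);  /* plain name: exact match only */

    const char *suffix = pattern + 1;     /* ".example.com" */
    const char *dot = strchr(host, '.');  /* end of the host's first label */
    if (dot == NULL || dot == host)
        return 0;                         /* no label for '*' to stand for */
    if (strchr(suffix + 1, '.') == NULL)
        return 0;                         /* refuse "*.com" style patterns */
    return eq_nocase(suffix, dot);        /* '*' covers exactly one label */
}

/* Returns 1 if the certificate identifies `host`, 0 otherwise.
 * san/san_count: dNSName subjectAltName entries; common_name may be NULL. */
int verify_host(const char *host, const char *const *san, size_t san_count,
                const char *common_name)
{
    if (san_count > 0) {
        for (size_t i = 0; i < san_count; i++)
            if (match_pattern(san[i], host))
                return 1;
        return 0;                         /* SANs present: never fall back to CN */
    }
    return common_name != NULL && match_pattern(common_name, host);
}
```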