Daniel Stenberg <[EMAIL PROTECTED]> writes: > It does require a replica, exact or not.
It's interesting that none of the OpenSSL examples include such code. In fact, curl may be the single free application that attempts to get this right! > If you verify a server certificate, you must make sure the > commonName field matches the host name you communicate with > (inluding wildcards). > > Then add the subjectAltName fields to the mix and you get a fair > amount of code to write. I believe RFC2818 details this. The RFC says nothing about the OpenSSL API, though, and that's where the fun is. :-)
