On Thu, May 12, 2016, Jeffry Dwight wrote:

> So, what do you all do? Right now, I'm verifying the cert and its chain, but
> ignoring CN mismatches. That seems to be fine for ensuring encryption, but

Only log "problems" (why should I trust some CA?) unless explicitly
configured to check (for a few "important"/"known" hosts).

> rather defeats the purpose of knowing we're connecting to the proper server.

DANE.

> Second question: How do you handle self-signed certs? Do you just ignore cases
> where the root isn't a trusted root?

Same as above.

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop