Hello,

openssl s_client -connect hostname.domain.com:443 does not verify that the certificate matches the hostname (i.e. hostname.domain.com should match either the CN of the subject or one of the subjectAltNames).
Without such verification any web site owner who has a certificate can mount a man-in-the-middle attack against any other web site.

Thanks,
Alain
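
The check the message describes, matching the requested hostname against the certificate's subjectAltName DNS entries or, failing that, the subject CN, written out as an added example (not part of the original post and not OpenSSL code). It assumes the certificate dict layout of Python's ssl.SSLSocket.getpeercert(); the sample certificates are constructed, and the wildcard rules are the usual RFC 6125-style ones, which goes beyond what the message states.

```python
def _name_matches(pattern: str, host: str) -> bool:
    """Compare one DNS name presented in the certificate with the hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    first, rest = p_labels[0], p_labels[1:]
    if rest != h_labels[1:]:
        return False
    if first == "*":
        # A wildcard covers exactly one leftmost label, and only when at
        # least two more labels follow (so "*.com" never matches).
        return len(rest) >= 2
    # Partial wildcards such as "w*" are refused outright.
    return "*" not in first and first == h_labels[0]


def cert_matches_hostname(cert: dict, hostname: str) -> bool:
    """Return True only if the certificate was issued for this hostname."""
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not dns_names:
        # Fall back to the subject CN only when no DNS subjectAltName exists.
        dns_names = [v for rdn in cert.get("subject", ())
                     for k, v in rdn if k == "commonName"]
    return any(_name_matches(name, hostname) for name in dns_names)


# Constructed sample certificates (getpeercert() layout), not real data.
SITE_CERT = {
    "subject": ((("commonName", "hostname.domain.com"),),),
    "subjectAltName": (("DNS", "hostname.domain.com"),),
}
# A valid certificate that belongs to a different site: chain validation
# alone would accept it, the name check must not.
OTHER_SITE_CERT = {
    "subject": ((("commonName", "other.example"),),),
    "subjectAltName": (("DNS", "other.example"),),
}
CN_ONLY_CERT = {"subject": ((("commonName", "hostname.domain.com"),),)}
WILDCARD_CERT = {"subjectAltName": (("DNS", "*.domain.com"),)}

if __name__ == "__main__":
    for label, cert in [("site", SITE_CERT), ("other site", OTHER_SITE_CERT),
                        ("CN only", CN_ONLY_CERT), ("wildcard", WILDCARD_CERT)]:
        ok = cert_matches_hostname(cert, "hostname.domain.com")
        print(f"{label:10s} -> {'match' if ok else 'MISMATCH, abort handshake'}")
```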