On 6/26/2011 5:59 AM, Alain Knaff via RT wrote:
openssl s_client -connect hostname.domain.com:443 does not verify that the certificate matches the hostname. (i.e. hostname.domain.com should match either the CN of subject, or in one of the subjectAltNames)
Without such verification any web site owner who has a certificate can mount a man-in-the-middle attack against any other web site.
The certificate is displayed. Because this is merely a test tool and example code, that would seem to be sufficient.
DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
