On 06/26/2011 02:59 PM, Alain Knaff via RT wrote:
> Hello,
>
> openssl s_client -connect hostname.domain.com:443 does not verify that
> the certificate matches the hostname. (i.e. hostname.domain.com should
> match either the CN of subject, or in one of the subjectAltNames)
>
> Without such verification any web site owner who has a certificate can
> mount a man-in-the-middle attack against any other web site.

Verifying a hostname is not part of the SSL/TLS layer.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
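
Added example (not part of the original thread and not OpenSSL code): the hostname check discussed above, as an application would run it after the certificate chain has already validated. The certificate dicts are constructed samples in the shape Python's ssl.SSLSocket.getpeercert() returns; the function names are hypothetical.

```python
# Application-layer hostname verification, performed AFTER chain validation.
# Assumption: certificates arrive as dicts shaped like ssl.SSLSocket.getpeercert().

def dns_match(pattern: str, hostname: str) -> bool:
    """Case-insensitive comparison of one certificate name with the hostname.
    '*' is accepted only as the whole leftmost label and covers exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require two fixed labels after the wildcard, so "*.com" never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_matches_host(cert: dict, hostname: str) -> bool:
    """True if the certificate is valid for `hostname`."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        # RFC 6125: when dNSName entries are present, the subject CN is ignored.
        return any(dns_match(name, hostname) for name in sans)
    cns = [v for rdn in cert.get("subject", ())
           for key, v in rdn if key == "commonName"]
    return any(dns_match(name, hostname) for name in cns)

# Constructed sample certificates (all names are made up for this example).
TARGET_CERT = {
    "subject": ((("commonName", "hostname.domain.com"),),),
    "subjectAltName": (("DNS", "hostname.domain.com"),),
}
# A genuine, CA-signed certificate that belongs to a different site: its chain
# verifies, so only the hostname comparison rejects it.
OTHER_SITE_CERT = {
    "subject": ((("commonName", "other-site.example"),),),
    "subjectAltName": (("DNS", "other-site.example"),
                       ("DNS", "www.other-site.example")),
}
WILDCARD_CN_ONLY = {"subject": ((("commonName", "*.domain.com"),),)}

if __name__ == "__main__":
    for label, cert in (("target", TARGET_CERT),
                        ("other site", OTHER_SITE_CERT),
                        ("wildcard CN", WILDCARD_CN_ONLY)):
        ok = cert_matches_host(cert, "hostname.domain.com")
        print(f"{label:12} -> {'accept' if ok else 'REJECT'}")
```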
