On 06/26/2011 02:59 PM, Alain Knaff via RT wrote:
> Hello,
>
> openssl s_client -connect hostname.domain.com:443 does not verify that
> the certificate matches the hostname. (i.e. hostname.domain.com should
> match either the CN of subject, or in one of the subjectAltNames)
>
> Without such verification any web site owner who has a certificate can
> mount a man-in-the-middle attack against any other web site.

Verifying a hostname is not part of the SSL/TLS layer.
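The check the report asks for, done at the application layer on top of chain validation, as an added example that is not part of the original thread or of OpenSSL's code. It assumes a certificate dict shaped like the output of Python's `ssl.SSLSocket.getpeercert()`, RFC 2818 precedence (the CN is consulted only when no dNSName subjectAltName is present), a conservative wildcard rule, and constructed sample certificates.

```python
# Added example: hostname check on a certificate whose chain is already validated.
# Dict layout mirrors ssl.SSLSocket.getpeercert(); all sample data is constructed.

def _name_match(pattern: str, hostname: str) -> bool:
    """Compare one presented DNS name against the hostname the client asked for."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # Assumption: wildcard accepted only as the whole leftmost label,
        # and only with at least two fixed labels after it (rejects "*.com").
        if len(p_labels) < 3 or not h_labels[0]:
            return False
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def presented_names(cert: dict) -> list:
    """dNSName subjectAltNames if any exist, otherwise the subject CN(s)."""
    sans = [v for (k, v) in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # CN is ignored once dNSName entries are present
    return [v for rdn in cert.get("subject", ()) for (k, v) in rdn
            if k == "commonName"]


def hostname_matches(cert: dict, hostname: str) -> bool:
    return any(_name_match(name, hostname) for name in presented_names(cert))


# Constructed: a valid certificate that belongs to a different site.
OTHER_SITE_CERT = {
    "subject": ((("commonName", "other-site.example"),),),
    "subjectAltName": (("DNS", "other-site.example"),
                       ("DNS", "*.other-site.example")),
}
# Constructed: a certificate carrying the name only in the subject CN.
CN_ONLY_CERT = {"subject": ((("commonName", "hostname.domain.com"),),)}

if __name__ == "__main__":
    for cert in (OTHER_SITE_CERT, CN_ONLY_CERT):
        print(presented_names(cert),
              hostname_matches(cert, "hostname.domain.com"))
```

A client that validates only the chain would accept both sample certificates for `hostname.domain.com`; with this check in place only the second one passes.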