RE: [openssl.org #3288] openssl 1.1 - X509_check_host is wrong and insufficient

Salz, Rich Wed, 02 Apr 2014 04:27:13 -0700

I don't think it makes sense to have a separate flag.

What's the harm in looking at the CN if you don't find a match in the SAN?


        /r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

RE: [openssl.org #3288] openssl 1.1 - X509_check_host is wrong and insufficient

Reply via email to